digip Posted January 18, 2008 Share Posted January 18, 2008 A few versions of BitTorrent and uTorrent programs currently contain a DoS bug. As of now, looks like uTorrent is the only one to have released an update(but don't quote me on that, as I only use uTorrent) It seems to be a unicode bug pertaining to long strings. More info from the txt link as well as POC file: http://aluigi.altervista.org/adv/ruttorrent-adv.txt http://aluigi.org/poc/ruttorrent.zip Upgrade your preferred client if possible or use uTorrent 1.7.6 (build 7859) until your fav client releases a fix. They say no code can be executed in the DoS attack but it is probably only a matter of time before someone finds another way to exploit a unicode bug now that people are aware of it. The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859) which has fixed the issue. - http://torrentfreak.com/bittorrent-clients...-attack-080117/ Funny related topic: http://hackd.net/2008/01/17/bittorrent-dos...t-for-the-riaa/ Quote Link to comment Share on other sites More sharing options...
Sparda Posted January 18, 2008 Share Posted January 18, 2008 KTorrent ftw Quote Link to comment Share on other sites More sharing options...
tabath Posted January 18, 2008 Share Posted January 18, 2008 Thanks for the heads up - Iwasn't uptodate with utorrent but am now :D Quote Link to comment Share on other sites More sharing options...
VaKo Posted January 18, 2008 Share Posted January 18, 2008 Personally I've always thought unmanaged bittorrent traffic was pretty much a DoS attack to anyone on the same network. Quote Link to comment Share on other sites More sharing options...
anyedie Posted January 19, 2008 Share Posted January 19, 2008 Personally I've always thought unmanaged bittorrent traffic was pretty much a DoS attack to anyone on the same network. lol VaKo, lol. Quote Link to comment Share on other sites More sharing options...
Shaun Posted January 19, 2008 Share Posted January 19, 2008 I wouldn't really says this is many. The link in the OP says only µTorrent and BitTorrent are affected. That's only 2. I guess other clients based on the original BitTorrent might be affected as well if they use the affected code unmodified. Maybe BitTornado or something. Quote Link to comment Share on other sites More sharing options...
digip Posted January 19, 2008 Author Share Posted January 19, 2008 I wouldn't really says this is many. The link in the OP says only µTorrent and BitTorrent are affected. That's only 2. I guess other clients based on the original BitTorrent might be affected as well if they use the affected code unmodified. Maybe BitTornado or something. Guess I should rephrase that. Many, as in many of the versions of BitTorrent and uTorrent are still vulnerable. Topic edited. Thanks. Quote Link to comment Share on other sites More sharing options...
Mark Manching Posted January 19, 2008 Share Posted January 19, 2008 Better to Update this BitTorrent or uTorrent avoid attacks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.