KTorrent Web Interface Vulnerable to Remote Takeover

Written by enigmax on February 28, 2009 

Two vulnerabilities have been discovered in the web interface plugin for the KDE BitTorrent client, KTorrent. A malicious attacker sending specially crafted parameters to the interface could enable both remote code execution and arbitrary torrent uploads.

Distributed under the GNU General Public License, KTorrent is a torrent client written in C++ for KDE. Feature-wise, the client can compete with other popular clients, supporting protocol encryption, UDP trackers and web-seeding, to name a few.

One feature, however, is posing a security threat to the user. According to a security alert, multiple serious vulnerabilities have been found in the client.

With a severity rated as ‘High’, the vulnerabilities are found in the client’s web interface plugin. Because the plugin does not properly restrict access to the client’s torrent upload functionality and fails to sanitize request parameters, it is vulnerable to exploitation.

The flaws can allow a malicious remote attacker to send specially crafted parameters to the web interface. This could enable remote arbitrary torrent uploads along with the possibility of remote code execution, with the same privileges as the KTorrent process itself.

A temporary workaround is to disable the web interface plugin. This can be achieved by clicking “plugins” in the config menu and unchecking the “Web Interface” checkbox.

Versions affected by this issue are 2.2.8 and earlier, so users updating to the latest version are protected from these security vulnerabilities.

27 Responses

1 Feb 28, 2009 at 12:43 by Welshie

D’oh!

2 Feb 28, 2009 at 12:50 by Purplemess

Latest version: Check.
Web interface switched off: Check.

Furthermore, Ktorrent runs as user (unless you’ve been stupid and run it as root), it can’t really mess up your system anyway.

3 Feb 28, 2009 at 14:15 by michael

It’s a feature to increase deniability. “Copyrighted material you say? No I use it to download Linux distributions”… “Doh, must have been that security vulnerability on my web interface”

I’m gonna install Ktorrent right now and set it not to upgrade.

4 Feb 28, 2009 at 14:41 by x3dt

@ #3 michael:

lol, this is actually pretty good defense. If the “wireless defense” works, this should work even better.

“In my defense, I’m a Lin newbie, never thought it can be “haxored”, as young people say today. If it would please the court, I’d like you to ignore the 17 years of IT work in my resume.”

:)))

5 Feb 28, 2009 at 14:46 by ToddIsBored

“If it would please the court…”

haha, made me laugh enough to post my first TF comment

6 Feb 28, 2009 at 14:54 by Not O KTorrent

K What??? Do people really use this???

7 Feb 28, 2009 at 14:55 by VinX

uTorrent FTW !!!

uTorrent <3

maybe i will try this .. hehe

8 Feb 28, 2009 at 15:17 by Aroll605

KDE has how many millions of lines of code and how many people work on it? I think they have too much code and definitely not enough developers to watch all over it.

9 Feb 28, 2009 at 15:29 by Anonymous

“K What??? Do people really use this???”

Yes, it’s a good torrent client for KDE.

10 Feb 28, 2009 at 16:04 by scrilla

who cares? ktorrent is one of those crappy clients that the amateurs and wannabe hackers that use the inferior Linux OS use.

Real torrenters use Windows and leave the noobs to the Linux! :)

11 Feb 28, 2009 at 16:28 by linuxnonfanboy

See, there was a point behind having to elevate privileges 90% of the time to function normally. Now you won’t get affected by this type of attack. Yay for an operating system that had a kernel bug for 10 years.

12 Feb 28, 2009 at 16:38 by Elonoir

>”Yay for an operating system that had a kernel bug for 10 years.”

Just to be sure for if you are bashing Linux to ‘enlighten’ windows: You know MS Windows probably has bugs in there for 20 years that won’t ever get fixed right?

Just for the sake of letting you know: I currently run Windows XP.

And really: Never mind, never feed the troll monkey.

13 Feb 28, 2009 at 20:33 by Gretta

This article is really non-newsworthy:

1. A tiny portion of BT users run ktorrent.

2. Ktorrent is Linux based meaning users keep up to date with security issues because they are technically adept.

3. Ktorrent doesn’t run with root privileges by default – meaning any hacks pulled off with this vulnerability are pointless.

4. Linux has an application manager that updates applications

Seriously – what gives?

14 Feb 28, 2009 at 21:14 by author is an idiot

*** NEWS FLAH!! ***

Program vulnerability in windows xp service pack 1!!!

All people with the latest version of windows xp service pack 2 and up will not be affected by this bug.

Pretty stupid huh? I guess the author of this ‘piece’ (pos that is) needs to stop smoking so much pcp before attempting to write articles.

15 Feb 28, 2009 at 21:15 by author is an idiot

^ ^ ya, ya I misspelled flash, get over it….

16 Feb 28, 2009 at 22:39 by jcidiot

well, it gets pretty boring between the rpb trials….

17 Feb 28, 2009 at 22:40 by jcidiot

*tpb

18 Feb 28, 2009 at 23:53 by ubuntu

@ #10 scrilla

“who cares? ktorrent is one of those crappy clients that the amateurs and wannabe hackers that use the inferior Linux OS use.”

“Real torrenters use Windows and leave the noobs to the Linux! :)”

Hahahahaha. I bet you are one of those that turn off Vista UAC and use uTorrent with administrative privileges.

19 Mar 01, 2009 at 03:33 by rioting_pacifist

apt-get update; apt-get upgrade and forget (other commands are available).

it’s a shame that the webapplet has been designed badly but if you have an unsecured web server running you can’t really expect much better
( even without this exploit you can upload a torrent containing a script called .xinitrc containing rm -fr ~/ to ~ and there’s not much you can do)

perhaps some of the new kernel tricks can be employed in later versions to drop ktorrent rights to only access certain directories ( and never set a +x bit) but the sensible thing would be to never have unsafe services open to unsecured connection (if you’re behind a closed firewall you’re pretty safe even with the exploit)

20 Mar 01, 2009 at 11:19 by fleshTH

I’m slowly getting myself into linux, and i hate KDE, but for the record… this is a good article. I know of many users who are switching to ubuntu linux and use KDE (i know, that is kubuntu) because some dumbass told them it was better than gnome. However, these people were windows users and aren’t that great at working in linux yet. Also, did you read? there is no update yet, the best course of action is to disable the plugin. really people, get off your high horse.

21 Mar 01, 2009 at 12:58 by Rage

@20:
The article refers to versions 2.2.8 and earlier. The latest version is 3.2

22 Mar 01, 2009 at 15:44 by Diego

>Written by enigmax on February 28, 2009

> admin – Mon, 10/20/2008 – 18:47
> 3.1.4 released
> Several security issues in the webinterface plugin

You’re only more than 4 months late!

23 Mar 01, 2009 at 21:55 by pclinuxos

well, ktorrent is not the only torrent client for linux (transmission, deluge, azureus, etc.).
linux’s default user is not root[not like w.....s], so i don’t think this is really a big security issue.

25 Mar 02, 2009 at 19:36 by Lars

In the article it states, “Versions affected by this issue are 2.2.8 and earlier”. However, the security warning in question affects “versions <= 2.2.8”. So, 2.2.8 is not at risk according to the security warning link and according to this bug report.

http://bugs.gentoo.org/show_bug.cgi?id=244741

26 Mar 03, 2009 at 13:08 by anon

And this is news? This has been reported and fixed for ages.

27 Mar 07, 2009 at 18:30 by Linux User

Just don’t use web interface plug-in and all is well with no need to upgrade. Time to go back to sleep now.

Oh and for the windows trolls, keep being paytards Steve Ballmer just loves your money and the Black Hats love your OS as it has all the security of a Sri Lankan Cricket Team escort

:)
