Comments on: KTorrent Web Interface Vulnerable to Remote Takeover

By: Bit Torrent Vs Apple The Battle For Your Video Downloads | Movies Blog

Bit Torrent Vs Apple The Battle For Your Video Downloads | Movies Blog — Wed, 11 Mar 2009 05:11:00 +0000

[...] KTorrent Web Interface Vulnerable to Remote Takeover | TorrentF&… [...]

By: Linux User

Linux User — Sat, 07 Mar 2009 12:30:08 +0000

Just don’t use web interface plug-in and all is well with no need to upgrade. Time to go back to sleep now.

Oh and for the windows trolls, keep being paytards Steve Ballmer just loves your money and the Black Hats love your OS as it has all the security of a Sri Lankan Cricket Team escort

By: anon

anon — Tue, 03 Mar 2009 07:08:23 +0000

And this is news? This has been reported and fixed for ages.

By: Lars

Lars — Mon, 02 Mar 2009 13:36:48 +0000

In the article it states, “Versions affected by this issue are 2.2.8 and earlier”. However, the security warning in question affects “versions <= 2.2.8″. So, 2.2.8 is not at risk according to the security warning link and according to this bug report.

http://bugs.gentoo.org/show_bug.cgi?id=244741

By: janet

janet — Mon, 02 Mar 2009 02:41:39 +0000

it is wrong for a man have a rich woman or a woman have a wealthy man?It is an absolutely extramarital relationship. but more and more services come out on

Internet focusing on this kind of relationship.such as__S e e k r i c h . c o m___it’s the biggest dating site for wealthy and successful people.

By: pclinuxos

pclinuxos — Sun, 01 Mar 2009 15:55:20 +0000

well, ktorrent is not the only torrent client for linux (transmission, deluga, azureus, etc.).
linux’s default user is not root[not like w.....s], so i don’t think this is really a big security issue.

By: Diego

Diego — Sun, 01 Mar 2009 09:44:16 +0000

>Written by enigmax on February 28, 2009

> admin – Mon, 10/20/2008 – 18:47
> 3.1.4 released
> Several security issues in the webinterface plugin

You’re only more than 4 months late!

By: Rage

Rage — Sun, 01 Mar 2009 06:58:39 +0000

@20:
The article refers to versions 2.2.8 and earlier. The latest version is 3.2

By: fleshTH

fleshTH — Sun, 01 Mar 2009 05:19:59 +0000

I’m slowly getting myself into linux, and i hate KDE, but for the record… this is a good article. I know of many users who are switching to ubuntu linux and use KDE (i know, that is kubuntu) because some dumbass told them it was better than gnome. However, these people were windows users and aren’t that great at working in linux yet. Also, did you read? there is no update yet, the best course of action is to disable the plugin. really people, get off your high horse.

By: rioting_pacifist

rioting_pacifist — Sat, 28 Feb 2009 21:33:16 +0000

apt-get update; apt-get upgrade and forget (other commands are available).

its a shame that the webapplet has been desgined badly but if you have an unsecured web server running you cant really expect much better
( even without this exploit you can upload a torrent containing a script called .xinitrc containing rm -fr ~/ to ~ and theres not much you can do)

perhaps some of the new kernel tricks can be employed in latter versions to drop ktorrent rights to only access certain directories ( and never set a +x bit) but the sensible thing would be to never have unsafe services open to unsecured connection (if your behind a closed firewall your prety safe even with the exploit)