Multiple Vulnerabilities Discovered in Ktorrent

Written by enigmax on May 02, 2007

Ktorrent, the popular open-source BitTorrent client for Linux has been discovered to contain multiple vulnerabilities which can result in a hacker remotely executing arbitrary code.

According to Security Focus, Ktorrent versions 2.1.3 and below have a security flaw which allows for the remote execution of arbitrary code.

The vulnerabilities were discovered in the components chunkcounter.cpp and torrent.cpp and can be exploited by getting a user to use a modified torrent file, resulting in the possible control of the OS with the same privileges as the Ktorrent user.

There is currently no work-around for the flaws but the situation can be remedied by upgrading to the latest version of Ktorrent, version 2.1.4.

KTorrent is a BitTorrent client written in C++ for KDE, offering mainline DHT and µTorrent compatible peer exchange, port forwarding via UPnP and protocol encryption for getting round those pesky traffic-shaping ISP’s.

KTorrent version 2.2 will be released later this month and will include new features such as multiple tabs, moving finished downloads to another directory, and diskspace preallocation. Another good reason to upgrade!

Saved in: Bittorrent Clients
Tags: arbitrary_code, bittorrent_client, cpp, Ktorrent, torrent_file, www_google

Previously: TV Broadcasters Experimenting with BitTorrent

Next: 6th EliteTorrents Star-Wars Pre-Release Guilty Plea

Related Entries

5 Responses

1 May 02, 2007 at 16:39 by Iain

That’s a real pity. It’s a great Bittorrent client.

2 May 02, 2007 at 17:22 by blah

No program is perfect.

3 May 02, 2007 at 22:11 by ssd

and i just started using ktorrent ;

4 May 03, 2007 at 00:19 by mike

linux is safe but their programs dont

5 Jan 12, 2008 at 00:32 by Google

I Think,İt is very nice information…

Hitchhiker Nation

Responses are closed

All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.

TorrentFreak