CVE-2007-1799
First published: Mon Apr 02 2007(Updated: )
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| joris guisson KTorrent | =2.1.1 | |
| joris guisson KTorrent | =2.1.2 | |
| KTorrent | =2.1.1 | |
| KTorrent | =2.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.kde.org/show_bug.cgi?id=143637
- https://bugs.gentoo.org/show_bug.cgi?id=170303
- http://www.novell.com/linux/security/advisories/2007_007_suse.html
- http://secunia.com/advisories/24995
- http://security.gentoo.org/glsa/glsa-200705-01.xml
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:095
- http://secunia.com/advisories/25097
- http://www.ubuntu.com/usn/usn-436-2
- http://www.securityfocus.com/bid/23745
- http://www.debian.org/security/2007/dsa-1373
- http://secunia.com/advisories/26773
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33566
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/joris guisson
- canonical/joris guisson ktorrent
- version/joris guisson ktorrent/2.1.1
- version/joris guisson ktorrent/2.1.2
- canonical/ktorrent
- version/ktorrent/2.1.1
- version/ktorrent/2.1.2