jansma Posted June 6, 2007 Report Posted June 6, 2007 Please read:http://www.securityfocus.com/archive/1/470461/30/0/threadedIs this real? Has anyone actually checked that this works? What versions are affected? If its real bug, when its going to be fixed?
DreadWingKnight Posted June 6, 2007 Report Posted June 6, 2007 I don't see how it's actually an exploit of anything.It just proves that you can telnet to an open TCP port (which works for mail, http and ftp servers as well as BT clients).
DreadWingKnight Posted June 6, 2007 Report Posted June 6, 2007 nothing that would actually affect the operation of uTorrent or the user's computer
Ultima Posted June 6, 2007 Report Posted June 6, 2007 lol is it just me, or was that script entirely braindead? He could've just said "telnet into the target IP with the target port, and hold the Enter key after it connects," and it would've done the same as that script. Then again, that's already asked and addressed over here.
Dj.r4iDeN Posted June 6, 2007 Report Posted June 6, 2007 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1hellonoting ganna happen in uTorrentthat not exploit that only bugand i write this script to accept it in Securityfocus looolsorry for thatDj.r4iDeN-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.7 (MingW32)iD8DBQFGZzbwwTc7sebm4msRAkNWAKCL4Kpe5QGv7juPwc4NCd6sNGCbTACeILIXnvApX6Ca7LLIu7XQlAJ7bMs==X8hn-----END PGP SIGNATURE-----
DreadWingKnight Posted June 6, 2007 Report Posted June 6, 2007 It's not even a bug.It's normal to be able to telnet to an arbitrary application's listen port when that application listens on a TCP port.
system Posted July 21, 2007 Report Posted July 21, 2007 It's normal to be able to telnet to an open port, what's unexpected is the gibberish that uT dumps out.It's not bencoded data, nor the normal handhsake, and it changes every time.Azureus closes the connection silently (as expected), bitcomet does something similar to uT.Anyone know what this data is?BTW, it does seem to work as an exploit on bitcomet. All options became unavailable while testing, including the close button Edit: second testing doesn't crash BC
Firon Posted July 21, 2007 Report Posted July 21, 2007 It thinks it's an encrypted handshake, so it tries to handshake back.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.