jansma Posted June 6, 2007 Report Share Posted June 6, 2007 Please read:http://www.securityfocus.com/archive/1/470461/30/0/threadedIs this real? Has anyone actually checked that this works? What versions are affected? If its real bug, when its going to be fixed? Link to comment Share on other sites More sharing options...
DreadWingKnight Posted June 6, 2007 Report Share Posted June 6, 2007 I don't see how it's actually an exploit of anything.It just proves that you can telnet to an open TCP port (which works for mail, http and ftp servers as well as BT clients). Link to comment Share on other sites More sharing options...
Firon Posted June 6, 2007 Report Share Posted June 6, 2007 This isn't an overflow or an exploit. Link to comment Share on other sites More sharing options...
jansma Posted June 6, 2007 Author Report Share Posted June 6, 2007 You can telnet in - and do WHAT? Link to comment Share on other sites More sharing options...
DreadWingKnight Posted June 6, 2007 Report Share Posted June 6, 2007 nothing that would actually affect the operation of uTorrent or the user's computer Link to comment Share on other sites More sharing options...
Ultima Posted June 6, 2007 Report Share Posted June 6, 2007 lol is it just me, or was that script entirely braindead? He could've just said "telnet into the target IP with the target port, and hold the Enter key after it connects," and it would've done the same as that script. Then again, that's already asked and addressed over here. Link to comment Share on other sites More sharing options...
Dj.r4iDeN Posted June 6, 2007 Report Share Posted June 6, 2007 -----BEGIN PGP SIGNED MESSAGE-----Hash: SHA1hellonoting ganna happen in uTorrentthat not exploit that only bugand i write this script to accept it in Securityfocus looolsorry for thatDj.r4iDeN-----BEGIN PGP SIGNATURE-----Version: GnuPG v1.4.7 (MingW32)iD8DBQFGZzbwwTc7sebm4msRAkNWAKCL4Kpe5QGv7juPwc4NCd6sNGCbTACeILIXnvApX6Ca7LLIu7XQlAJ7bMs==X8hn-----END PGP SIGNATURE----- Link to comment Share on other sites More sharing options...
DreadWingKnight Posted June 6, 2007 Report Share Posted June 6, 2007 It's not even a bug.It's normal to be able to telnet to an arbitrary application's listen port when that application listens on a TCP port. Link to comment Share on other sites More sharing options...
system Posted July 21, 2007 Report Share Posted July 21, 2007 It's normal to be able to telnet to an open port, what's unexpected is the gibberish that uT dumps out.It's not bencoded data, nor the normal handhsake, and it changes every time.Azureus closes the connection silently (as expected), bitcomet does something similar to uT.Anyone know what this data is?BTW, it does seem to work as an exploit on bitcomet. All options became unavailable while testing, including the close button Edit: second testing doesn't crash BC Link to comment Share on other sites More sharing options...
Firon Posted July 21, 2007 Report Share Posted July 21, 2007 It thinks it's an encrypted handshake, so it tries to handshake back. Link to comment Share on other sites More sharing options...
system Posted July 21, 2007 Report Share Posted July 21, 2007 Thanks for clearing that up. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.