RossMission, posted August 14, 2008:

Source: http://torrentfreak.com/critical-vulnerability-discovered-in-utorrent-080812/

A vulnerability described as 'critical' has been discovered in versions of uTorrent and the official BitTorrent client. The 'buffer overflow' vulnerability can be exploited to compromise a user's computer for the execution of arbitrary code. It is suggested that users should immediately update to uTorrent version 1.8 RC7 or higher. There is currently no fix for the official client.

Secunia has issued two urgent security alerts, one for uTorrent and the other for the mainline BitTorrent client. Both clients are being developed by BitTorrent Inc.

The vulnerability was found in uTorrent and can be maliciously exploited to compromise a user's computer, however, it also affects the mainline BitTorrent client, since it's based on the uTorrent code.

According to Secunia, "the vulnerability is caused due to a boundary error in the processing of .torrent files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a .torrent file containing an overly long 'created by' field".

A successful execution of the exploit would allow the attacker to run arbitrary code on the victim's machine.

The vulnerability exists in uTorrent version 1.7.7 (Build 8179) and may well affect earlier versions too, although this isn't yet confirmed. The flaw is also present in the official BitTorrent client, versions 6.xx.

The solution for uTorrent users is to immediately upgrade to version 1.8. Currently there is no solution for those using the mainline client. However, an update will be available soon, TorrentFreak was told. For now, caution is advised when using unverified torrents.

?
Ultima, posted August 14, 2008:

Yes, it's true. Upgrading to 1.8 is the recommended course of action.
Chryss, posted August 14, 2008:

Any way to tell if we've been a victim of this? I'm assuming we're talking you'd have trojans or viruses or some such craziness, but is there anything in particular to be on the lookout for?
Bad Seed, posted August 14, 2008:

Is the old µTorrent 1.6.1 also vulnerable to this exploit?

I'm using the newer 1.8 but I'm just curious about that.
DreadWingKnight, posted August 14, 2008:

Yes, and even if it didn't, there are other exploits in 1.6.x and older that you need to upgrade to a current version to fix.
Firon, posted August 14, 2008:

This latest exploit affects all unicode enabled versions prior to 1.8 RC7. (which is as early as 1.5, I believe)
Bad Seed, posted August 14, 2008:

Thanks for answering that fast
Dracon, posted August 15, 2008:

Any way to tell if we've been a victim of this?
This topic is now archived and is closed to further replies.