pkg/41371: net/ctorrent-1.3.4nb2 exploit

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/41371: net/ctorrent-1.3.4nb2 exploit
From: jgw%freeshell.org@localhost
Date: Wed, 6 May 2009 20:20:00 +0000 (UTC)

>Number:         41371
>Category:       pkg
>Synopsis:       net/ctorrent-1.3.4nb2 exploit
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed May 06 20:20:00 +0000 2009
>Originator:     Jeff Woodall
>Release:        NetBSD 4.99.59
>Organization:
na
>Environment:
NetBSD think.sleepy.cat 4.99.59 NetBSD 4.99.59 (GENERIC.NOACPI) #0: Sun Apr 13 
07:56:12 UTC 2008  
bouyer%b2.netbsd.org@localhost:/home/builds/ab/HEAD/i386/200804120000Z-obj/home/builds/ab/HEAD/src/sys/arch/i386/compile/GENERIC.NOACPI
 i386
>Description:
There seems to be some security issues for the cTorrent app:                    
                                               
                                                                                
                                               
http://www.securityfocus.com/bid/34584/discuss                                  
                                               
http://www.milw0rm.com/exploits/8470                                            
                                               
                                                                                
                                               
This may have gotten missed due to ctorrent's association with the dtorrent[1]  
                                               
(enhanced cTorrent) project which is based on the former. The latter has        
                                               
supposably been patched in it's SYN repository but as ctorrent is no longer     
                                               
maintained it's source code probably won't get fixed.                           
                                               
                                                                                
                                               
[1] http://sourceforge.net/projects/dtorrent/
>How-To-Repeat:

>Fix:

Prev by Date: Re: pkg/38212 (Dejavu-TTF fonts upgrade)
Next by Date: PR/41368 CVS commit: pkgsrc/pkgtools/libnbcompat/files/db
Previous by Thread: Re: pkg/41368 (pkgtools/libnbcompat fails to build on Solaris 9)
Next by Thread: pkg/41373: emulators/compat30 build fails on NetBSD 4.0_STABLE
Indexes:

Home | Main Index | Thread Index | Old Index