FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1759

This CVE name corresponds to:

Entered: 2009-10-28
Topic: Enhanced cTorrent -- stack-based overflow

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2009-1759
Phase: Assigned (20090521)

Description

Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.

References

Source Reference
MILW0RM 8470
MLIST [oss-security] 20090520 CVE request: ctorrent
CONFIRM http://dtorrent.svn.sourceforge.net/viewvc/dtorrent/dtorrent/trunk/btfiles.cpp?r1=296&r2=301&view=patch
CONFIRM http://sourceforge.net/tracker/?func=detail&aid=2782875&group_id=202532&atid=981959
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=501813
DEBIAN DSA-1817
FEDORA FEDORA-2009-8897
FEDORA FEDORA-2009-8969
BID 34584
SECUNIA 34752
SECUNIA 35499
SECUNIA 36471
VUPEN ADV-2009-1092
XF ctorrent-btfiles-bo(49959)