Post: #1
04-09-2008 11:36 (This post was last modified: 04-09-2008 19:53 by Guest)
Guest


Joined: Today
Posts: 0
Country:
-- roro82 is Offline now Disabled
Discovery of a critical security vulnerability in µTorrent & BitTorrent

The discovery of a critical security vulnerability in µTorrent & BitTorrent has been announced.

This vulnerability allows an attacker, or anyone who wants to attack, to carry out seriously damaging operations whose consequences start with cutting off your Internet connection and go as far as freezing your system, so updating to the safe version is strongly recommended.

You can get the latest version of µTorrent here

Highly Critical Bug in uTorrent and BitTorrent Clients Discovered
Secunia has issued two advisories, SA31441 and SA31445, regarding a highly critical vulnerability that affects uTorrent versions 1.6, 1.7.x up to 1.8 RC6, as well as the BitTorrent mainline client 6.0 up to 6.0.3. Secunia rated this vulnerability as "Highly Critical" because it can allow an attacker to perform Denial of Service (DoS) attacks and remotely execute malicious code on the exploited system. The uTorrent users are urged to upgrade to the new uTorrent 1.8 Stable, but there is still no solution for people using the BitTorrent mainline client.

The vulnerability was discovered by Rhys Kidd, who posted his findings on the DailyDave mailing list of the Immunity security company. According to him, the uTorrent's code-base has been suffering from a Unicode stack overflow for the last two years and, with uTorrent being acquired by BitTorrent Inc., the affected code was also integrated into the BitTorrent mainline client.

The Secunia advisory notes that "the vulnerability is caused due to a boundary error in the processing of '.torrent' files". An attacker could exploit this by getting the users to open a .torrent file which contains a very long "created by" field. Mr. Kidd has explained in his paper that the stack overflow occurs when uTorrent calls the msvcrt.dll!wcscat() function. He has isolated the code responsible and presented a proof-of-concept exploit for it.

The uTorrent developer was aware of this vulnerability since before it was released to the public, as he silently patched it in the uTorrent 1.8 RC7. A lot of users were holding off upgrading until a final 1.8 release was made available, while others did not plan on upgrading at all because they were afraid that 1.8, the first version to be released after uTorrent was acquired by BitTorrent Inc., might contain tracking or monitoring software, or simply because they did not like the idea of using software owned by this company.

BitTorrent Inc. is the company founded by Bram Cohen, the creator of the BitTorrent protocol as well as of the original BitTorrent client. In late 2005, he signed an agreement with MPAA (Motion Picture Association of America) to remove all illegal content from the BitTorrent website and to conform with the Digital Millennium Copyright Act. This attracted a wave of negative reactions from the file sharing community at that time, just like uTorrent, the no. 1 bittorrent client in the world, being sold did.

BitTorrent Inc. bought uTorrent because of its huge user-base and because it's probably the most bloatware-free and optimized bittorrent client with a very small footprint. Its plans were to incorporate uTorrent code into the BitTorrent mainline client, while still keeping uTorrent a free project. Apparently, this also proved to make the BitTorrent client highly vulnerable and, while uTorrent users can upgrade to a patched version, there is still no solution for BitTorrent users except to keep away from untrusted .torrent files.



News source

The following 5 users say thank you to Guest for this useful post:
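
The advisory quoted in the post above ties the bug to an over-long "created by" field in a .torrent file, and the only mitigation it leaves mainline BitTorrent users is avoiding untrusted files. As an added example (not part of the original post or of either client's code), this Python check decodes the bencoded metainfo and flags files whose "created by" value exceeds a size limit; the 256-byte limit, the nesting limit and all function names are assumptions made for illustration.

```python
MAX_CREATED_BY = 256  # assumed triage limit; genuine values are short client names
MAX_DEPTH = 32        # assumed nesting limit so hostile input cannot exhaust the stack

def bdecode(data, pos=0, depth=0):
    """Decode one bencoded value starting at data[pos]; return (value, next_pos)."""
    if depth > MAX_DEPTH or pos >= len(data):
        raise ValueError("nesting too deep or input truncated")
    tag = data[pos:pos + 1]
    if tag == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if tag in (b"l", b"d"):                          # list or dictionary, closed by "e"
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos, depth + 1)
            items.append(item)
        if tag == b"l":
            return items, pos + 1
        if len(items) % 2:
            raise ValueError("dictionary key without a value")
        return dict(zip(items[0::2], items[1::2])), pos + 1
    if tag.isdigit():                                # byte string: <length>:<bytes>
        colon = data.index(b":", pos)
        end = colon + 1 + int(data[pos:colon])
        if end > len(data):                          # declared length runs past the file
            raise ValueError("string length exceeds file size")
        return data[colon + 1:end], end
    raise ValueError("unexpected byte at offset %d" % pos)

def check_torrent(data):
    """Return (verdict, detail) for the raw bytes of a .torrent file."""
    try:
        meta, _ = bdecode(data)
    except (ValueError, TypeError) as exc:           # TypeError: unhashable dictionary key
        return "malformed", str(exc)
    if not isinstance(meta, dict):
        return "malformed", "top-level value is not a dictionary"
    created_by = meta.get(b"created by", b"")
    if not isinstance(created_by, bytes):
        return "suspicious", '"created by" is not a string'
    if len(created_by) > MAX_CREATED_BY:
        return "suspicious", '"created by" is %d bytes long' % len(created_by)
    return "ok", created_by.decode("utf-8", "replace")

def sample(created_by):
    """Build a constructed (not real) metainfo file with the given "created by" value."""
    return (b"d8:announce18:http://t.invalid/a10:created by%d:%s4:infod4:name1:xee"
            % (len(created_by), created_by))
```

Calling `check_torrent(open(path, "rb").read())` on a downloaded file before handing it to a client gives the verdict; a "malformed" result also deserves attention, since a declared string length that runs past the end of the file is not something a legitimate torrent creator produces.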

Post: #2
04-09-2008 13:49
yasser540


Joined: 26-08-2006
Posts: 2,503
Country: Egypt
Awards:              
Male yasser540 is Offline now
A thousand thanks for this nice, useful information
:-)
The following 2 users say thank you to yasser540 for this useful post:

Post: #3
04-09-2008 14:59
Guest


Joined: Today
Posts: 0
Country:
-- MRBEBO is Offline now Disabled
Thanks, Sandy (roro), for the important news :-)
The following user says thank you to Guest for this useful post:

Post: #4
04-09-2008 16:17
OmOmBeh


Joined: 03-09-2008
Posts: 284
Country: Egypt
Male DonOmar is Offline now
Thx In Between I'm Using Bitlord
The following user says thank you to OmOmBeh for this useful post:

Post: #5
04-09-2008 16:51
Guest


Joined: Today
Posts: 0
Country:
-- shello2010 is Offline now Disabled
thanx ya roro i`m already using u torrent 1.8
The following user says thank you to Guest for this useful post:

Post: #6
04-09-2008 17:50
Guest


Joined: Today
Posts: 0
Country:
-- kareemboo is Offline now Disabled
thanx
The following user says thank you to Guest for this useful post:

Post: #7
04-09-2008 19:51
Guest


Joined: Today
Posts: 0
Country:
-- roro82 is Offline now Disabled
Originally Posted by DonOmar
Thx In Between I'm Using Bitlord


Bitlord and Bitspirit kill the system

they are not allowed here

and we will announce that soon

so you have to use another client

µTorrent or Azureus
The following user says thank you to Guest for this useful post:

Post: #8
04-09-2008 23:17
Guest


Joined: Today
Posts: 0
Country:
-- LION is Offline now Disabled
thanks a lot roro82 for info ;-)
The following user says thank you to Guest for this useful post:

Post: #9
05-09-2008 03:47
Guest


Joined: Today
Posts: 0
Country:
-- iii is Offline now Disabled
Thanks for the notice
I'm using uTorrent 1 seven four
1.7.4

i will get 1.8 version the stable ver

thank u roro
The following user says thank you to Guest for this useful post:

Post: #10
07-09-2008 15:29
Guest


Joined: Today
Posts: 0
Country:
-- HAMOOO is Offline now Disabled
Thanks a lot for the warning, and thank youuuuu
The following user says thank you to Guest for this useful post:

Post: #11
30-09-2008 08:02
Guest


Joined: Today
Posts: 0
Country:
-- youssef14us is Offline now Disabled
thank you man

The following user says thank you to Guest for this useful post:

Post: #12
03-10-2008 10:15
Guest


Joined: Today
Posts: 0
Country:
-- omar is Offline now Disabled
Thank youuuuuuuuuuuuuuuuuuuuuu
The following user says thank you to Guest for this useful post:

Post: #13
03-10-2008 13:50
Guest


Joined: Today
Posts: 0
Country:
-- sarsossa is Offline now Disabled
I think this vulnerability is in
utorrent 1.7

Post: #14
03-10-2008 17:39
Guest


Joined: Today
Posts: 0
Country:
-- wajdi is Offline now Disabled
:-D

The following user says thank you to Guest for this useful post:

Post: #15
04-10-2008 03:45
Guest


Joined: Today
Posts: 0
Country:
-- AMIRo0o is Offline now Disabled
Thanks for the valuable information
The following user says thank you to Guest for this useful post:

Post: #16
13-12-2008 02:45
Guest


Joined: Today
Posts: 0
Country:
-- yzn25 is Offline now Disabled
Thank Yoooooooooooooooou

That's right, because when I was using it the Internet used to disconnect a lot, and now I'm using
AzUze

and with no problems
The following user says thank you to Guest for this useful post:

Post: #17
21-12-2008 19:36
Guest


Joined: Today
Posts: 0
Country:
-- opel2000 is Offline now Disabled

Thank you, dear brother, for the useful information

Updating now

The following user says thank you to Guest for this useful post:

Post: #18
22-12-2008 16:52
Guest


Joined: Today
Posts: 0
Country:
-- KIMBO2105 is Offline now Disabled
THANKSSSSSSSSS
The following user says thank you to Guest for this useful post:


