BitTorrent users beware: Flaw lets hackers control your computer

Dan Goodin


There's a critical weakness in the widely used Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. That's according to a researcher with Google's Project Zero vulnerability reporting team, who also warns that other BitTorrent clients are likely similarly susceptible.

Researcher Tavis Ormandy published the proof-of-concept attack code last week, along with a detailed description of the underlying vulnerability it exploited. Normally, Project Zero withholds publication of such details for 90 days or until the developer has released a fix. In this case, however, Ormandy's private report to Transmission included a patch that completely fixed the vulnerability. The researcher went ahead and disclosed the vulnerability last Tuesday—only 40 days after the initial report—because Transmission developers had yet to apply it. Ormandy said the publication would allow Ubuntu and other downstream projects to independently install the fix.

"I'm finding it frustrating that the Transmission developers are not responding on their private security list," Ormandy wrote in Tuesday's public report. "I suggested moving this into the open so that distributions can apply the patch independently."


 
Recently patched in Debian distros for the Linux folks, so sync up...
 
Title should rather say "Transmission users beware", since this has nothing to do with the BitTorrent protocol, but with a specific client.

Like saying "Internet users beware" because someone found a flaw in Firefox :)
 
Too much clickbait lately. That vulnerability can only be easily exploited if Transmission's web interface is exposed to the internet and authentication is not enabled. And even then, some routers do not allow DNS rebinding which makes it almost impossible to exploit.
 
