Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.

The remote host is affected by the vulnerability described in GLSA-201311-11 (CTorrent: User-assisted arbitrary code execution)

    CTorrent contains a stack-based buffer overflow in the       btFiles::BuildFromMI function in trunk/btfiles.cpp.
  Impact :

    A remote attacker could entice a user to open a specially crafted       torrent file using CTorrent, possibly resulting in execution of arbitrary       code with the privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Securityfocus reports :

cTorrent and dTorrent are prone to a remote buffer-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successful exploits allow remote attackers to execute arbitrary machine code in the context of a vulnerable application. Failed exploit attempts will likely result in denial-of-service conditions.

Security update, fixes a stack-based buffer overflow (CVE-2009-1759)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Security update, fixes a stack-based buffer overflow (CVE-2009-1759).

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Michael Brooks discovered that ctorrent, a text-mode bittorrent client, does not verify the length of file paths in torrent files. An attacker can exploit this via a crafted torrent that contains a long file path to execute arbitrary code with the rights of the user opening the file.

The oldstable distribution (etch) does not contain ctorrent.

ID	Name	Product	Family	Severity
70995	GLSA-201311-11 : CTorrent: User-assisted arbitrary code execution	Nessus	Gentoo Local Security Checks	high
42310	FreeBSD : Enhanced cTorrent -- stack-based overflow (83d7d149-b965-11de-a515-0022156e8794)	Nessus	FreeBSD Local Security Checks	high
40759	Fedora 10 : ctorrent-1.3.4-7.dnh3.3.2.fc10 (2009-8969)	Nessus	Fedora Local Security Checks	high
40758	Fedora 11 : ctorrent-1.3.4-10.dnh3.3.2.fc11 (2009-8897)	Nessus	Fedora Local Security Checks	high
39440	Debian DSA-1817-1 : ctorrent - stack-based buffer overflow	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2009-1759

critical

Tenable Plugins

high

high

high

high

high