
uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack



AmpeD
01-18-2008, 01:28 AM
"Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client, uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.

Security vulnerabilities in BitTorrent clients are relatively rare, although not unheard of. Luigi Auriemma, a Milan-based security expert, claims to have found a vulnerability in various BitTorrent clients based on the way they handle user-supplied data. The flaw allows an attacker to crash the application, effectively denying service to legitimate users. Code execution is not possible, which means there is little reason for users to panic.

So far, the problem appears to affect these clients:

- BitTorrent 6.0 (build 5535)
- uTorrent 1.7.5 (build 4602)
- uTorrent 1.8 (alpha 7834)

Luigi is reporting that earlier versions of these clients may also be vulnerable and this appears to have been confirmed by the uTorrent team. The problems are confirmed to exist on Windows versions of the software. As yet, Mac and Linux versions of the official BitTorrent client have not been tested.

The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859)"
____________
Most trackers I have seen allow this updated version (1.7.6) already.

Source: TorrentFreak (http://torrentfreak.com/bittorrent-clients-vulnerable-to-remote-dos-attack-080117/)
Download Link: http://download.utorrent.com/1.7.6/utorrent.exe

porscha
01-18-2008, 03:20 AM
thanks for the tip

DeNeDe
01-18-2008, 04:24 AM
10x

colombianino
01-18-2008, 04:46 AM
I had to update cus bitme is about to ban this client, can't believe it has this flaw :huh:

Hairbautt
01-18-2008, 04:48 AM
This whole ban client this, ban client that has really gotten...:blink: Confusing.

tusks
01-18-2008, 05:15 AM
It's not a super big deal. Worst someone could do is remotely crash your client. I still updated though :P

grimms
01-18-2008, 06:29 AM
This is too confusing for me. I just stick with uTorrent 1.6.

leebSaMmY
01-18-2008, 06:49 AM
I'm going to miss using 1.6.1 but I think now I'll switch back to az.

$we
01-18-2008, 10:44 AM
I'm going to miss using 1.6.1 but I think now I'll switch back to az.

Are you saying that you would rather use Azureus than the latest version of utorrent?

lynx
01-18-2008, 11:51 AM
Does this imply that uTorrent and Official BitTorrent Client no longer have different code bases? Or is it simply that similar vulnerabilities could exist in other bt clients but just haven't been found yet?

Well done to them for providing such a rapid solution, assuming it works.

peat moss
01-18-2008, 01:42 PM
Thanks for the heads up, I saw the update when I started Utorrent 1.7.5 last night but said no, wanted to check if IPT allowed it first. Wondered why, now I know.

Gee, took a second, that was fast and didn't miss a beat, just restarted itself. :)

Hairbautt
01-18-2008, 01:46 PM
I don't dare step away from 1.6.1 build (49, is it?)

Broken
01-18-2008, 05:12 PM
It's not a super big deal. Worst someone could do is remotely crash your client. I still updated though :P


exactly.
no one should freak out. in fact, it's hardly worth mentioning.

asalsa
01-18-2008, 07:00 PM
I use BitComet, it's good