To BT site staff about utorrent 1.6.1 !
Quote: Originally Posted by rvt
I've spent some time looking into this issue.
The POC code on milw0rm relies on creating a malicious torrent file which the uT user opens. On any sites without public uploads, or those that clean the uploaded torrents, there is no real problem.
Another issue mentioned on torrentfreak recently revolves around an overflow bug in extended messaging.
When an attacker sends a long enough string for version info, and the user views the peers tab, uT will crash.
1.6.x versions are not vulnerable to this attack, as they never display the version info obtained from extended messaging in the peers tab.
1.7.x are vulnerable.
Have not tested 1.8.x
1.6.x still has some life in it yet :P
Quote: Originally Posted by rvt
1.6.1 (488) fine
1.6.1 (489) fine
1.6.1 (490) fine
1.7.0 (3353) bugged
1.7.1 (3360) bugged
1.7.2 (3458) bugged
1.7.3 (4470) bugged
1.7.4 (4482) bugged
1.7.5 (4602) bugged
That's in relation to the new bug that allows anyone to crash your uT.
For the old POC code from milw0rm, it only works if an attacker can get you to open a torrent file with a very large announce URL, because the announce URL contains the exploit. On private sites using passkeys, that announce URL is changed anyway so a torrent you download from them can never contain the exploit.
For public trackers, you can stay safe if you open the file in torrentspy before opening in uT.
http://torrentspy.sourceforge.net/
If the announce URL is not valid, opening it in torrentspy will show you that.
I'd like to know the reason behind the banning of 1.6.1, which is safe according to an experienced staff/coder!
:mellow:
update :
bitme, bitmetv, blackcats-games, what, waffles, revtt have all unbanned 1.6.1
:)
update 2 :
Quote: Originally Posted by rvt
Fix: remote crash bug (affects 1.7.x, and 1.8 builds released to date)
It doesn't affect 1.6.x
:)
Re: To BT site staff about utorrent 1.6.1 !
Nice topic. Kinda want to know myself. I did obviously upgrade though. Not going to risk my account for not following orders.
Re: To BT site staff about utorrent 1.6.1 !
Because if you check the utorrent site, they say 1.6.1 is vulnerable, and many just take the info from that. But if rvt's info can be backed up by another coder, maybe staff will reconsider bans.
Also great post LordS
Re: To BT site staff about utorrent 1.6.1 !
Edit: In regards to uT saying it affects 1.6.x, that is a lie put out to get people to upgrade.
One of the bittorrent devs said in their forum that it does not affect 1.6.x
http://forum.utorrent.com/viewtopic....298736#p298736
End Edit
It can be confirmed easily enough.
I have some php code for crashing uT posted at p2pg and tbdev. We have a fair amount of sites on p2pg, and they can spread the code out to other sysops/coders. The code is in the VIP section at tbdev to keep it out of the public eye. If any sysop wants a copy, drop me a PM.
The POC code for executing code on 1.6 is available at milw0rm. What it does is change the announce URL to a lot of code that does not represent a real URL in any way. I would post an example, but it's full of all sorts of control characters and isn't pretty.
Any tracker using passkeys is going to replace that URL with their own one anyway, so none of these malformed torrents will be downloadable from private trackers.
On public trackers, these torrents will be deleted very quickly because the announce URL is not valid and so they cannot work on any client.
For anyone testing the milw0rm exploit, if you are getting segmentation faults, make sure the torrent file you use as input has a comment after the announce URL.
d8:announce10:01234567897:comment10:0123456789 << like that
The code uses the 7:comment part to work out where to split.
BTW, the milw0rm code does not work on XP SP2 far as I can tell.
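The announce-URL check discussed above (a tracker rejecting uploads whose announce URL is not valid, or a user inspecting the file before opening it in a client), as an added example that is not part of the original posts. The function names and the `MAX_ANNOUNCE_LEN` limit are assumptions chosen for illustration, and the sample is constructed from the layout quoted in the post:

```python
from urllib.parse import urlsplit
MAX_ANNOUNCE_LEN = 2048  # assumed policy limit, not a value from the thread

def bdecode(data: bytes, i: int = 0):
    """Decode one bencoded value at offset i; return (value, next_offset)."""
    c = data[i:i + 1]
    if c == b"i":                                  # integer: i<digits>e
        end = data.index(b"e", i)
        return int(data[i + 1:end]), end + 1
    if c in (b"l", b"d"):                          # list or dictionary
        items, i = [], i + 1
        while data[i:i + 1] != b"e":               # running off the end raises below
            item, i = bdecode(data, i)
            items.append(item)
        if c == b"d" and len(items) % 2:
            raise ValueError("dictionary key without a value")
        return items if c == b"l" else dict(zip(items[::2], items[1::2])), i + 1
    if c.isdigit():                                # string: <length>:<bytes>
        colon = data.index(b":", i)
        n, start = int(data[i:colon]), colon + 1
        if start + n > len(data):
            raise ValueError("string length runs past end of data")
        return data[start:start + n], start + n
    raise ValueError(f"bad bencode at offset {i}")

def check_announce(torrent: bytes) -> list:
    """Return the problems found with the announce URL (empty list = accept)."""
    try:
        meta, _ = bdecode(torrent)
    except (ValueError, TypeError, RecursionError) as exc:
        return [f"not valid bencode: {exc}"]
    if not isinstance(meta, dict) or not isinstance(meta.get(b"announce"), bytes):
        return ["no announce string in the top-level dictionary"]
    url, problems = meta[b"announce"], []
    if len(url) > MAX_ANNOUNCE_LEN:
        problems.append(f"announce is {len(url)} bytes (limit {MAX_ANNOUNCE_LEN})")
    if any(b < 0x21 or b > 0x7E for b in url):
        problems.append("announce contains control or non-ASCII bytes")
    try:
        parts = urlsplit(url.decode("latin-1"))
        ok = parts.scheme in ("http", "https", "udp") and bool(parts.hostname)
    except ValueError:
        ok = False
    if not ok:
        problems.append("announce is not an http/https/udp URL with a host")
    return problems

SAMPLE = b"d8:announce10:01234567897:comment10:0123456789e"  # post's layout, closed with "e"
```

Run on an upload before it is stored or opened; the sample parses as bencode but is flagged because its announce value is not a URL.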
Re: To BT site staff about utorrent 1.6.1 !
thanks for the hard work rvt, it's great to know 1.6.1 is still good.
all we need to do now is convince staffers :)
Re: To BT site staff about utorrent 1.6.1 !
thanks a lot again rvt :)
ok so the ut forum itself says 1.6 is safe
and rvt has confirmed that private trackers won't be affected by this exploit
so what are we waiting for ? unban 1.6 :happy:
Re: To BT site staff about utorrent 1.6.1 !
still no comments from other bt staff ? huh
Re: To BT site staff about utorrent 1.6.1 !
Probably not until uTorrent themselves say it is safe again. Until then, probably not.
Re: To BT site staff about utorrent 1.6.1 !
BCG is allowing 1.6.#
we are banning all 1.7 earlier than 1.7.6
and we don't allow alpha/beta anyway so 1.8 is not allowed yet.