uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
"Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client,
uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.
Security vulnerabilities in BitTorrent clients are relatively rare, although not unheard of. Luigi Auriemma, a Milan-based security expert, claims to have found a vulnerability in various BitTorrent clients based on the way they handle user-supplied data. The flaw allows an attacker to crash the application, effectively denying service to legitimate users. Code execution is not possible, which means there is little reason for users to panic.
So far, the problem appears to affect these clients:
- BitTorrent 6.0 (build 5535)
- uTorrent 1.7.5 (build 4602)
- uTorrent 1.8 (alpha 7834)
Luigi is reporting that earlier versions of these clients may also be vulnerable and this appears to have been confirmed by the uTorrent team. The problems are confirmed to exist on Windows versions of the software. As yet, Mac and Linux versions of the official BitTorrent client have not been tested.
The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859) "
____________
Most trackers i have seen allow this updated version (1.7.6) already.
:source: Source: TorrentFreak
:down: Download Link: http://download.utorrent.com/1.7.6/utorrent.exe
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
i had to update cus bitme is about to ban this client, can't believe it has this flaw :huh:
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
This whole ban client this, ban client that has really gotten...:blink: Confusing.
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
It's not a super big deal. Worst someone could do is remotely crash your client. I still updated though :P
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
This is too confusing for me. I just stick with uTorrent 1.6.
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
im going to miss useing 1.6.1 but i think now ill switch back to az.
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
Quote:
Originally Posted by
leebSaMmY
im going to miss useing 1.6.1 but i think now ill switch back to az.
Are you saying that you would rather use Azureus than the latest version of utorrent?
Re: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack
Does this imply that uTorrent and Official BitTorrent Client no longer have different code bases? Or is it simply that similar vulnerabilities could exist in other bt clients but just haven't been found yet?
Well done to them for providing such a rapid solution, assuming it works.