Your Ad Here Your Ad Here
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: uTorrent and Official BitTorrent Client Vulnerable to Remote DOS Attack

  1. #1
    AmpeD's Avatar the o'lol factor BT Rep: +10BT Rep +10
    Join Date
    Aug 2007
    Posts
    771
    "Both the official BitTorrent and uTorrent clients are vulnerable to a remote denial-of-service attack, due to the way they handle user-supplied data. Versions found to be vulnerable so far are the official BitTorrent 6.0 client,
    uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834.

    Security vulnerabilities in BitTorrent clients are relatively rare, although not unheard of. Luigi Auriemma, a Milan-based security expert, claims to have found a vulnerability in various BitTorrent clients based on the way they handle user-supplied data. The flaw allows an attacker to crash the application, effectively denying service to legitimate users. Code execution is not possible, which means there is little reason for users to panic.

    So far, the problem appears to affect these clients:

    - BitTorrent 6.0 (build 5535)
    - uTorrent 1.7.5 (build 4602)
    - uTorrent 1.8 (alpha 7834)

    Luigi is reporting that earlier versions of these clients may also be vulnerable and this appears to have been confirmed by the uTorrent team. The problems are confirmed to exist on Windows versions of the software. As yet, Mac and Linux versions of the official BitTorrent client have not been tested.

    The uTorrent team state the flaw affects all older uTorrent versions 1.6 and 1.7.x. too but have been quick to respond, releasing a new build - uTorrent 1.7.6 (build 7859) "
    ____________
    Most trackers i have seen allow this updated version (1.7.6) already.

    Source: TorrentFreak
    Download Link: http://download.utorrent.com/1.7.6/utorrent.exe
    Last edited by Hairbautt; 01-18-2008 at 03:10 PM. Reason: Sep., new image and source added!

  2. News (Archive)   -   #2
    porscha's Avatar Poster
    Join Date
    Nov 2006
    Location
    No Man's Land
    Posts
    75
    thanks for the tip

  3. News (Archive)   -   #3
    BANNED BT Rep: +10BT Rep +10
    Join Date
    Dec 2007
    Location
    Romania,Iasi
    Age
    27
    Posts
    338
    10x

  4. News (Archive)   -   #4
    colombianino's Avatar Poster BT Rep: +3
    Join Date
    Jan 2008
    Location
    sailing the p2p shoals...
    Posts
    337
    i had to update cus bitme is about to ban this client, can't believe it has this flaw

  5. News (Archive)   -   #5
    Hairbautt's Avatar *haircut
    Join Date
    Jul 2004
    Location
    Florida
    Age
    20
    Posts
    11,028
    This whole ban client this, ban client that has really gotten... Confusing.
    _________________________________________________________________________________________
    Last edited by Alien5; Jun 6th, 2006 at
    06:36 PM..

  6. News (Archive)   -   #6
    tusks's Avatar \(_o)/ BT Rep: +1
    Join Date
    Nov 2007
    Location
    \(_o)/
    Posts
    295
    It's not a super big deal. Worst someone could do is remotely crash your client. I still updated though

  7. News (Archive)   -   #7
    grimms's Avatar Excuse Me? BT Rep: +16BT Rep +16BT Rep +16BT Rep +16
    Join Date
    Oct 2007
    Posts
    3,366
    This is too confusing for me. I just stick with uTorrent 1.6.

    Excuse Me?
    Didn't Think So!





  8. News (Archive)   -   #8
    leebSaMmY's Avatar Poster
    Join Date
    Jan 2008
    Location
    Boston
    Posts
    13
    im going to miss useing 1.6.1 but i think now ill switch back to az.

  9. News (Archive)   -   #9
    $we's Avatar Poster BT Rep: +5
    Join Date
    Dec 2007
    Posts
    106
    Quote Originally Posted by leebSaMmY View Post
    im going to miss useing 1.6.1 but i think now ill switch back to az.
    Are you saying that you would rather use Azureus than the latest version of utorrent?
    Last edited by $we; 01-18-2008 at 07:00 PM.

  10. News (Archive)   -   #10
    lynx's Avatar .
    Join Date
    Sep 2002
    Location
    Yorkshire, England
    Posts
    9,810
    Does this imply that uTorrent and Official BitTorrent Client no longer have different code bases? Or is it simply that similar vulnerabilities could exist in other bt clients but just haven't been found yet?

    Well done to them for providing such a rapid solution, assuming it works.
    .
    Political correctness is based on the principle that it's possible to pick up a turd by the clean end.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •