Your Ad Here Your Ad Here
Page 1 of 7 1234 ... LastLast
Results 1 to 10 of 63

Thread: To BT site staff about utorrent 1.6.1 !

  1. #1
    Quote Originally Posted by rvt View Post
    I've spent some time looking into this issue.

    The POC code on milw0rm relies on creating a malicious torrent file which the uT user opens. On any sites without public uploads, or those that clean the uploaded torrents, there is no real problem.

    Another issue mentioned on torrentfreak recently revolves around an overflow bug in extended messaging.
    When an attacker sends a long enough string for version info, and the user views the peers tab, uT will crash.

    1.6.x versions are not vulnerable to this attack, as they never display the version info obtained from extended messaging in the peers tab.
    1.7.x are vulnerable.

    Have not tested 1.8.x

    1.6.x still has some life in it yet
    Quote Originally Posted by rvt View Post
    1.6.1 (488) fine
    1.6.1 (489) fine
    1.6.1 (490) fine
    1.7.0 (3353) bugged
    1.7.1 (3360) bugged
    1.7.2 (3458) bugged
    1.7.3 (4470) bugged
    1.7.4 (4482) bugged
    1.7.5 (4602) bugged

    That's in relation to the new bug that allows anyone to crash your uT.

    For the old POC code from milw0rm, it only works if an attacker can get you to open a torrent file with a very large announce URL, because the announce URL contains the exploit. On private sites using passkeys, that announce URL is changed anyway so a torrent you donwload from them can never contain the exploit.
    For public trackers, you can stay safe if you open the file in torrentspy before opening in uT.
    http://torrentspy.sourceforge.net/
    If the announce URL is not valid, opening it in torrentspy will show you that.
    i like to know the reason behind banning of 1.6.1 which is safe according to an experienced staff/coder !




    update :

    bitme, bitmetv, blackcats-games, what, waffles ,revtt have all unbanned 1.6.1



    update 2 :

    Quote Originally Posted by rvt View Post
    for those sites who wont unban unless uT says it's ok.

    http://forum.utorrent.com/viewtopic....300606#p300606
    50% of people reading the changelog will be getting a copy of the old one. The new one is there though, and has removed mention of 1.6.x

    Fix: remote crash bug (affects 1.7.x, and 1.8 builds released to date)

    it doesnt affect 1.6.x





    Last edited by FatBob; 01-23-2008 at 07:30 AM.

  2. BitTorrent   -   #2
    Poster BT Rep: +3
    Join Date
    Dec 2007
    Posts
    149
    kool.

  3. BitTorrent   -   #3
    grimms's Avatar Excuse Me? BT Rep: +16BT Rep +16BT Rep +16BT Rep +16
    Join Date
    Oct 2007
    Posts
    3,366
    Nice topic. Kinda want to know myself. I did obviously upgrade though. Not going to risk my account for not following orders.

    Excuse Me?
    Didn't Think So!





  4. BitTorrent   -   #4
    pandabear's Avatar Internet BT Rep: +2
    Join Date
    Nov 2006
    Posts
    568
    Because if you check utorrent site they say 1.6.1 is vulnerable and many just take the info from that. But if rvt info, can be backed up by another coder, maybe staff will reconsider bans.

    Also great post LordS


    Someone invite me to fsc please

  5. BitTorrent   -   #5
    rvt's Avatar Poster BT Rep: +1
    Join Date
    Aug 2007
    Posts
    441
    Edit: In regards to uT saying it affects 1.6.x, that is a lie put out to get people to upgrade.
    One of the bittorrent devs said in their forum that it does not affect 1.6.x
    http://forum.utorrent.com/viewtopic....298736#p298736
    End Edit

    It can be confirmed easily enough.

    I have some php code for crashing uT posted at p2pg and tbdev. We have a fair amount of sites on p2pg, and they can spread the code out to other sysops/coders. The code is in the VIP section at tbdev to keep it out of the public eye. If any sysop wants a copy, drop me a PM.

    The POC code for executing code on 1.6 is available at milw0rm. What it does is change the announce URL to a lot of code that doe not represent a real URL in any way. I would post an example, but it's full of all sorts of control characters and isn't pretty.

    Any tracker using passkeys is going to replace that URL with their own one anyway, so none of these malformed torrents will be downloadable from private trackers.

    On public trackers, these torrents will be deleted very quickly because the announce URL is not valid and so they cannot work on any client.

    For anyone testing the milw0rm exploit, if you are getting segmentation faults, make sure the torrent file you use as input has a comment after the announce URL.
    d8:announce10:01234567897:comment10:0123456789 << like that
    The code uses the 7:comment part to work out where to split.

    BTW, the milw0rm code does not work on XP SP2 far as I can tell.
    Last edited by rvt; 01-20-2008 at 09:19 AM.

  6. BitTorrent   -   #6
    monk3y's Avatar Pirate's Life for me BT Rep: +30BT Rep +30BT Rep +30BT Rep +30BT Rep +30BT Rep +30
    Join Date
    Dec 2006
    Location
    Any other world
    Age
    31
    Posts
    1,528
    Quote Originally Posted by rvt View Post
    Edit: In regards to uT saying it affects 1.6.x, that is a lie put out to get people to upgrade.
    One of the bittorrent devs said in their forum that it does not affect 1.6.x
    http://forum.utorrent.com/viewtopic....298736#p298736

    It can be confirmed easily enough.

    I have some php code for crashing uT posted at p2pg and tbdev. We have a fair amount of sites on p2pg, and they can spread the code out to other sysops/coders. The code is in the VIP section at tbdev to keep it out of the public eye. If any sysop wants a copy, drop me a PM.

    The POC code for executing code on 1.6 is available at milw0rm. What it does is change the announce URL to a lot of code that doe not represent a real URL in any way. I would post an example, but it's full of all sorts of control characters and isn't pretty.

    Any tracker using passkeys is going to replace that URL with their own one anyway, so none of these malformed torrents will be downloadable from private trackers.

    On public trackers, these torrents will be deleted very quickly because the announce URL is not valid and so they cannot work on any client.

    For anyone testing the milw0rm exploit, if you are getting segmentation faults, make sure the torrent file you use as input has a comment after the announce URL.
    d8:announce10:01234567897:comment10:0123456789 << like that
    The code uses the 7:comment part to work out where to split.

    BTW, the milw0rm code does not work on XP SP2 far as I can tell.
    thanks for the hard work rvt, it's great to know 1.6.1 is still good.
    all we need to do now is convince staffers

    Do not pm me requesting for invites as i have none to spare
    Signature & Avatar Rules

  7. BitTorrent   -   #7
    thanks a lot again rvt

    ok so the ut forum itself says 1.6 is safe

    and rvt has confirmed that private trackers wont be affected by this exploit


    so what are we waiting for ? unban 1.6

  8. BitTorrent   -   #8
    still no comments from other bt staff ? huh

  9. BitTorrent   -   #9
    grimms's Avatar Excuse Me? BT Rep: +16BT Rep +16BT Rep +16BT Rep +16
    Join Date
    Oct 2007
    Posts
    3,366
    Probably not until uTorrent them selves say it is safe again. Until then, probably not.

    Excuse Me?
    Didn't Think So!





  10. BitTorrent   -   #10
    stoi's Avatar BCG Owner BT Rep: +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45BT Rep +45
    Join Date
    Oct 2002
    Posts
    4,288
    BCG is allowing 1.6.#

    we are banning all 1.7 earlier than 1.7.6

    and we dont allow alpha/beta anyway so 1.8 is not allowed yet.

Page 1 of 7 1234 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •