Edit: In regards to uT saying it affects 1.6.x, that is a lie put out to get people to upgrade.
One of the bittorrent devs said in their forum that it does not affect 1.6.x
http://forum.utorrent.com/viewtopic....298736#p298736
It can be confirmed easily enough.
I have some php code for crashing uT posted at p2pg and tbdev. We have a fair amount of sites on p2pg, and they can spread the code out to other sysops/coders. The code is in the VIP section at tbdev to keep it out of the public eye. If any sysop wants a copy, drop me a PM.
The POC code for executing code on 1.6 is available at milw0rm. What it does is change the announce URL to a lot of code that doe not represent a real URL in any way. I would post an example, but it's full of all sorts of control characters and isn't pretty.
Any tracker using passkeys is going to replace that URL with their own one anyway, so none of these malformed torrents will be downloadable from private trackers.
On public trackers, these torrents will be deleted very quickly because the announce URL is not valid and so they cannot work on any client.
For anyone testing the milw0rm exploit, if you are getting segmentation faults, make sure the torrent file you use as input has a comment after the announce URL.
d8:announce10:01234567897:comment10:0123456789 << like that
The code uses the 7:comment part to work out where to split.
BTW, the milw0rm code does not work on XP SP2 far as I can tell.
Bookmarks