CVE-2007-1799

Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:joris_guisson:ktorrent:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:joris_guisson:ktorrent:2.1.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:29

Type Values Removed Values Added
References () http://bugs.kde.org/show_bug.cgi?id=143637 - () http://bugs.kde.org/show_bug.cgi?id=143637 -
References () http://secunia.com/advisories/24995 - () http://secunia.com/advisories/24995 -
References () http://secunia.com/advisories/25097 - () http://secunia.com/advisories/25097 -
References () http://secunia.com/advisories/26773 - () http://secunia.com/advisories/26773 -
References () http://security.gentoo.org/glsa/glsa-200705-01.xml - () http://security.gentoo.org/glsa/glsa-200705-01.xml -
References () http://www.debian.org/security/2007/dsa-1373 - () http://www.debian.org/security/2007/dsa-1373 -
References () http://www.mandriva.com/security/advisories?name=MDKSA-2007:095 - () http://www.mandriva.com/security/advisories?name=MDKSA-2007:095 -
References () http://www.novell.com/linux/security/advisories/2007_007_suse.html - () http://www.novell.com/linux/security/advisories/2007_007_suse.html -
References () http://www.securityfocus.com/bid/23745 - () http://www.securityfocus.com/bid/23745 -
References () http://www.ubuntu.com/usn/usn-436-2 - () http://www.ubuntu.com/usn/usn-436-2 -
References () https://bugs.gentoo.org/show_bug.cgi?id=170303 - () https://bugs.gentoo.org/show_bug.cgi?id=170303 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/33566 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/33566 -

Information

Published : 2007-04-02 22:19

Updated : 2025-04-09 00:30


NVD link : CVE-2007-1799

Mitre link : CVE-2007-1799

CVE.ORG link : CVE-2007-1799


JSON object : View

Products Affected

joris_guisson

  • ktorrent