uTorrent “announce” URL Handling Buffer Overflow


goobimama

 Macboy
A potentially very dangerous vulnerability has been discovered in the latest version of the popular BitTorrent client uTorrent. This could be exploited by attackers to take complete control of an affected system. This issue is due to a buffer overflow error when handling a “torrent” file containing an overly long “announce” URL, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into opening a specially crafted torrent file or visiting a malicious web page.

All versions of uTorrent are affected, including latest version 1.6 build 474 and prior. There’s already a working exploit for this floating on the internet. No fixed version has been released, as this is really fresh stuff. Although this exploit could be very dangerous, you need to download the “infected” torrent first and use it with this client. I recommend waiting for a new version of uTorrent (should be available within a few hours, max days) and downloading only from trusted websites such as NewTorrents.info where all torrents are checked.

Quoted from www.rlslog.net [*www.rlslog.net/utorrent-announce-url-handling-buffer-overflow/]
 

Sourabh

Laptoping
There has been no update for utorrent ever since it was taken over by Bit Torrent Inc. So waiting for a new version without some DRM is being very optimistic. If there is no update to patch this, I will shift to FlashGet for torrents too.
 

Arsenal_Gunners

Human Spambot
Why don't you guys switch to BITcomet. I am getting speeds of around 35KBps :D
on my 256KBps connection in Vista. (MAX 30 on XP)
*img362.imageshack.us/img362/7940/untitledsx6.th.jpg
 

navjotjsingh

Wise Old Owl
µTorrent 1.6.1 Build 488 - Final

Released 13 Feb, 2007.

Changes in Version 1.6.1 (build 488), 2007-02-13:
- Feature: Select upload/download speed for a torrent through the rightclick menu
- Feature: Added encryption box to speed guide
- Change: Don't check as many pieces at the same time.
- Change: Misc WebUI changes.
- Change: Switch to JSON for webinterface
- Fix: Problem with category list in the gui when updated from the webui
- Fix: WebUI not clearing state between requests.
- Fix: Redirect also index.html to guest.html
- Fix: Added On Now shows the time it's added, not loaded.
- Fix: JSON uses " instead of '
- Fix: (a) Upnp fix
- Fix: Show pause icon when checking is paused.
- Fix: Fixed problems with XML parser
- Fix: Don't allow two message boxes to be shown in the RSS window
- Fix: Changed some window titles
- Fix: Fix malformed .torrent exploit
- Fix: Boss key field is now larger

*download.utorrent.com/1.6.1/utorrent.exe

Size: 173 KB
 

gxsaurav

You gave been GXified
vimal_mehrotra said:
Why don't you guys switch to BITcomet. I am getting speeds of around 35KBps :D
on my 256KBps connection in Vista. (MAX 30 on XP)
*img362.imageshack.us/img362/7940/untitledsx6.th.jpg

Bitcomet is good for Vista, it sux on XP though... it's nothing fast compared to utorrent in XP
 

casanova

The Frozen Nova
Nothing mentioned about that. Probably it wasn't. They released another build. uTorrent 1.6.1 Build 490.
This is the change log.
--- 2007-02-13: Version 1.6.1 (build 490)
- Feature: Select upload/download speed for a torrent through the rightclick menu
- Feature: Added encryption box to speed guide

- Change: Don't check as many pieces at the same time.
- Change: Misc WebUI changes.
- Change: Switch to JSON for webinterface

- Fix: Problem with category list in the gui when updated from the webui
- Fix: WebUI not clearing state between requests.
- Fix: Redirect also index.html to guest.html
- Fix: Added On Now shows the time it's added, not loaded.
- Fix: JSON uses " instead of '
- Fix: (a) Upnp fix
- Fix: Show pause icon when checking is paused.
- Fix: Fixed problems with XML parser
- Fix: Don't allow two message boxes to be shown in the RSS window
- Fix: Changed some window titles
- Fix: Fix malformed .torrent exploit
- Fix: Boss key field is now larger
- Fix: PECompact bug causing crashes

They haven't mentioned the flaw on the site, nor in the change log. It should be fixed with the latest build as of now.
 

navjotjsingh

Wise Old Owl
What is happening with utorrent... earlier they stopped updating for more than 6 months and now in 2 days they updated it thrice... 488, 489 and 490!! :p
 
thunderbird.117

Guest
I think utorrent is finished once and for all. I left utorrent and started using Azureus and I am loving it baby. :D.

I do not know why these people say that it memory. It is hardly taking any memory.
 