Info

Disclosure

Jan 16, 2008

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

uTorrent contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted packet is presented to the client "Detailed Info" screen, and will result in loss of availability for the application.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Upgrade
Exploit: Exploit Available
Disclosure: Vendor Verified

Solution

Upgrade to version 1.7.6 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

uTorrent

1.7.5

References

CVE ID: 2008-0364 (see also: NVD)
Bugtraq ID: 27321
Secunia Advisory ID: 28533
ISS X-Force ID: 39720
Other Advisory URL: http://aluigi.altervista.org/adv/ruttorrent-adv.txt
http://aluigi.org/poc/ruttorrent.zip
Vendor Specific News/Changelog Entry: http://download.utorrent.com/1.7.6/utorrent-1.7.6.txt
http://forum.utorrent.com/viewtopic.php?id=29330

Credit

Luigi Auriemma - aluigialtervista.org - http://aluigi.altervista.org

Direct URL: http://osvdb.org/36218