BID:21578

TorrentFlux Torrent Parameter Multiple Remote Command Execution Vulnerabilities

Info

TorrentFlux Torrent Parameter Multiple Remote Command Execution Vulnerabilities

Bugtraq ID:	21578
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Dec 13 2006 12:00AM
Updated:	Dec 14 2006 04:18PM
Credit:	Stefan Fritsch and Cameron Dale is credited with discovering this vulnerability.
Vulnerable:	TorrentFlux TorrentFlux 2.2

Not Vulnerable:	TorrentFlux TorrentFlux 2.3

Discussion

TorrentFlux Torrent Parameter Multiple Remote Command Execution Vulnerabilities

TorrentFlux is prone to a remote command-execution vulnerability.

Attackers can exploit this issue to execute arbitrary system commands with the privileges of the webserver process.

TorrentFlux version 2.2 is vulnerable to this issue; prior versions may also be vulnerable.

Exploit / POC

TorrentFlux Torrent Parameter Multiple Remote Command Execution Vulnerabilities

Attackers can exploit this issue via a web client.

Solution / Fix

TorrentFlux Torrent Parameter Multiple Remote Command Execution Vulnerabilities

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].

References

TorrentFlux Torrent Parameter Multiple Remote Command Execution Vulnerabilities

References:

TorrentFlux Homepage (TorrentFlux)
Debian Bug report logs - #808730 (Steve Kemp )