DescriptionDirectory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by "../" sequences, due to an incomplete fix for CVE-2007-1384.
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
|National Vulnerability Database|
- SUSE-SR:2007:007, published Fri, 20 Apr 2007 17:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE LINUX 10.0|| |
|SUSE LINUX 10.1|| |