CVE-2009-1757

Related Files

Mandriva Linux Security Advisory 2010-013

Posted Jan 19, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-013 - Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a. (dot dot) in a pathname within a.torrent file. The updated packages have been patched to correct these issues.

tags | advisory, remote, arbitrary, csrf

systems | linux, mandriva

advisories | CVE-2009-1757, CVE-2010-0012

SHA-256 | 645f6e2956cd21abc6897932877a4cf16624d8a5590ec9be9a0d461297efda51

Download | Favorite | View

Ubuntu Security Notice 885-1

Posted Jan 14, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 885-1 - It was discovered that the Transmission web interface was vulnerable to cross-site request forgery (CSRF) attacks. If a user were tricked into opening a specially crafted web page in a browser while Transmission was running, an attacker could trigger commands in Transmission. This issue affected Ubuntu 9.04. Dan Rosenberg discovered that Transmission did not properly perform input validation when processing torrent files. If a user were tricked into opening a crafted torrent file, an attacker could overwrite files via directory traversal.

tags | advisory, web, csrf

systems | linux, ubuntu

advisories | CVE-2009-1757, CVE-2010-0012

SHA-256 | 69acb157bcde280488cb2e36985fb02edf668493426e074cb560fc966af289bb

Download | Favorite | View