Launchpad.net

CVE 2009-1760

Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar libtorrent before 0.14.4, as used in firetorrent, qBittorrent, deluge Torrent, and other applications, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) and partial relative pathname in a Multiple File Mode list element in a .torrent file.

Related bugs and status

CVE-2009-1760 (Candidate) is related to these bugs:

Bug #428183: Directory traversal vulnerability

		In	Importance	Status
428183	Directory traversal vulnerability	libtorrent-rasterbar (Ubuntu)	Medium	Invalid
428183	Directory traversal vulnerability	libtorrent-rasterbar (Ubuntu Dapper)	Medium	Invalid
428183	Directory traversal vulnerability	libtorrent-rasterbar (Ubuntu Hardy)	Medium	Invalid
428183	Directory traversal vulnerability	libtorrent-rasterbar (Ubuntu Intrepid)	Medium	Invalid
428183	Directory traversal vulnerability	libtorrent-rasterbar (Ubuntu Jaunty)	Medium	Won't Fix
428183	Directory traversal vulnerability	libtorrent-rasterbar (Ubuntu Karmic)	Medium	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2009-1760

Related bugs and status

Related bugs

References