µTorrent Vulnerability Discovered
August 12, 2008
Thomas Mennecke
Whenever a piece of Internet software is used by millions of people, someone will eventually try to use it against them. People are always finding new and creative ways to take over machines, launch DoS (Denial of Service) attacks, or just watch the Internet burn for fun. µTorrent, the once independent client now owned by BitTorrent, Inc., was found to have a serious security vulnerability in versions prior to 1.8.

"The vulnerability is caused due to a boundary error in the processing of ".torrent" files. This can be exploited to cause a stack-based buffer overflow by tricking the user into opening a ".torrent" file containing an overly long "created by" field. Successful exploitation may allow execution of arbitrary code."

Say what? Basically it means this: Let's say a nefarious individual wants to exploit any number of machines. He or she creates a malicious torrent file with a deliberately oversized "created by" field. This field records which program generated the torrent (typically a client name and version), so it should only be a dozen or so characters. The torrent file format itself places no limit on how long the field can be, however, and versions of µTorrent before 1.8 copied it into a fixed-size buffer on the stack without checking its length first.

Once the overflow is triggered, the excess data overwrites whatever sits beyond the buffer on the stack, and the malicious individual can run whatever code he wants. Maybe the oversized field will do nothing worse than crash the client, or perhaps it will carry code that gives a remote user access to the unsuspecting machine.
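As an added example (not Slyck's, µTorrent's, or Rhys Kidd's code), the C program below parses the top-level dictionary of a bencoded .torrent just far enough to find the "created by" string, shows the unbounded fixed-buffer copy pattern behind the bug next to a bounded version, and flags files whose field exceeds a limit. The buffer size CREATED_BY_MAX, the function names and both sample torrents are assumptions; the real overflow was in µTorrent's Unicode handling of the field, which this byte-oriented demo does not reproduce.

```c
/* Added example, not code from Slyck, uTorrent or Rhys Kidd. Minimal bencode walk
 * for the top-level "created by" string, the unsafe copy pattern the advisory
 * describes, a bounded replacement, and a triage check. CREATED_BY_MAX and the
 * sample torrents are assumptions; the real bug was in the Unicode path. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CREATED_BY_MAX 64   /* assumed size of the fixed stack buffer */

/* Skip one bencoded value at p; return the pointer just past it, NULL if malformed. */
static const char *skip_value(const char *p, const char *end) {
    if (p >= end) return NULL;
    if (*p == 'i') {                                  /* integer: i<digits>e */
        const char *e = memchr(p, 'e', (size_t)(end - p));
        return e ? e + 1 : NULL;
    }
    if (*p == 'l' || *p == 'd') {                     /* list/dict: values until 'e' */
        for (p++; p < end && *p != 'e'; )
            if (!(p = skip_value(p, end))) return NULL;
        return p < end ? p + 1 : NULL;
    }
    if (*p >= '0' && *p <= '9') {                     /* string: <len>:<bytes> */
        size_t n = 0;
        while (p < end && *p >= '0' && *p <= '9') {
            if (n > 100000000UL) return NULL;         /* absurd length, stop early */
            n = n * 10 + (size_t)(*p++ - '0');
        }
        if (p >= end || *p != ':') return NULL;
        p++;
        return n <= (size_t)(end - p) ? p + n : NULL; /* declared length must fit */
    }
    return NULL;
}

/* Find top-level string key `key`; set *out to its bytes and return the length,
 * or -1 if absent, not a string, or the file is not a well-formed dict. */
static long find_top_string(const char *buf, size_t len, const char *key, const char **out) {
    const char *p = buf, *end = buf + len;
    if (len == 0 || *p != 'd') return -1;
    for (p++; p < end && *p != 'e'; ) {
        const char *kstart = p, *kend, *vstart, *vend, *colon;
        if (*kstart < '0' || *kstart > '9') return -1;        /* keys must be strings */
        if (!(kend = skip_value(kstart, end))) return -1;
        vstart = kend;
        if (!(vend = skip_value(vstart, end))) return -1;
        colon = memchr(kstart, ':', (size_t)(kend - kstart));
        if ((size_t)(kend - colon - 1) == strlen(key) && memcmp(colon + 1, key, strlen(key)) == 0) {
            if (*vstart < '0' || *vstart > '9') return -1;    /* value is not a string */
            colon = memchr(vstart, ':', (size_t)(vend - vstart));
            *out = colon + 1;
            return (long)(vend - colon - 1);
        }
        p = vend;
    }
    return -1;
}

/* The bug's shape: a fixed stack buffer and a copy bounded only by the field's own
 * declared length. Deliberately vulnerable; only ever called with the benign sample here. */
static char copy_created_by_unsafe(const char *s, size_t n) {
    char created_by[CREATED_BY_MAX];
    memcpy(created_by, s, n);                 /* n > CREATED_BY_MAX smashes the stack */
    return created_by[0];                     /* first byte, so the copy is not optimised away */
}

/* Hardened form: check the length before the copy and refuse oversized fields. */
static int copy_created_by_safe(const char *s, size_t n, char *dst, size_t dstsz) {
    if (n >= dstsz) return 0;                 /* would not fit with its terminator */
    memcpy(dst, s, n);
    dst[n] = '\0';
    return 1;
}

/* Triage check: 1 if the torrent's "created by" is longer than `limit`, else 0
 * (absent, within limit, or not parseable as a bencoded dict). */
int created_by_oversized(const char *torrent, size_t len, size_t limit) {
    const char *v;
    long n = find_top_string(torrent, len, "created by", &v);
    return n > (long)limit;
}

/* Constructed sample: the shape a normal client writes. */
static const char BENIGN[] = "d10:created by14:uTorrent/1.7.74:infod6:lengthi1e4:name4:testee";

/* Constructed sample: same layout with an n-byte "created by" of 'A's. Caller frees. */
char *build_malicious(size_t n) {
    char *t = malloc(n + 64);
    int off = sprintf(t, "d10:created by%lu:", (unsigned long)n);
    memset(t + off, 'A', n);
    strcpy(t + off + n, "4:infod4:name4:testee");
    return t;
}

long demo_benign_len(void) {
    const char *v;
    return find_top_string(BENIGN, sizeof BENIGN - 1, "created by", &v);      /* 14 */
}
int demo_benign_flagged(void) {
    return created_by_oversized(BENIGN, sizeof BENIGN - 1, CREATED_BY_MAX);    /* 0 */
}
int demo_malicious_flagged(void) {
    char *t = build_malicious(4096);
    int r = created_by_oversized(t, strlen(t), CREATED_BY_MAX);                /* 1 */
    free(t);
    return r;
}

int main(void) {
    const char *v; char buf[CREATED_BY_MAX];
    long n = find_top_string(BENIGN, sizeof BENIGN - 1, "created by", &v);
    copy_created_by_unsafe(v, (size_t)n);   /* harmless at 14 bytes; the bug needs > 64 */
    printf("benign: created by=%.*s safe_copy=%d flagged=%d\n", (int)n, v,
           copy_created_by_safe(v, (size_t)n, buf, sizeof buf), demo_benign_flagged());
    printf("malicious: flagged=%d\n", demo_malicious_flagged());
    return 0;
}
```

The triage check is the part worth keeping around: run over a directory of .torrent files it will flag the single oversized field this advisory is about, while the bounded copy shows the one-line check whose absence turned a metadata string into a stack overwrite.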

According to the vulnerability's discoverer, Rhys Kidd, the flaw has existed for over 2 years, more than enough time to do some serious damage.

"uTorrent and Bittorrent Mainline have included an unpatched Unicode stack overflow in its code-base for at least 2 years. It was finally patched on the 5th August 2008 with 1.8 Release Candidate 7."

Considering that no widespread attacks have been reported during that time, and few, if any, µTorrent users have found their machines suddenly compromised, the damage appears to be virtually non-existent (though a quietly exploited flaw would not necessarily have been noticed). This is especially true since it took over 2 years just to find the bug. The end user would have to open a malicious torrent, and tricking someone into that has become more difficult thanks to the comment and rating systems on most BitTorrent trackers and indexers. Since the fix only exists in 1.8, anyone still running an earlier version should update.
