Bugzilla – Bug 887079
VUL-0: CVE-2014-4909 transmission: peer communication vulnerability
Last modified: 2014-08-19 07:17:10 UTC
CVE-2014-4909

Transmission version 2.84 fixes peer communication vulnerability (no known exploits) reported by Ben Hawkes.

proof-of-concept for tr_bitfieldEnsureNthBitAlloced overflow:

    tr_bitfieldEnsureBitsAlloced (b, nth + 1);
    ...
    b->bits[nth >> 3u] |= (0x80 >> (nth & 7u));

results in a 1-bit out-of-bound write at constant address 0x1fffffff

affects 32-bit systems only due to int index being cast to size_t nth

it's also possible to trigger the write relative to an allocated chunk by sending a valid response to the first piece request and triggering the bug on the second piece request (such that b->bits is allocated)

submission acts as a seeding peer for the provided torrent file

by default, transmission clients will use uTP and encryption, which submission doesn't support. tested using the following client:

    transmission-2.83/daemon/transmission-daemon -et --no-utp -f -c .

References:
https://bugs.gentoo.org/show_bug.cgi?id=516822
https://bugzilla.redhat.com/show_bug.cgi?id=1118290
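The index arithmetic described in the report above, as an added example (not code from the report or from Transmission): it shows why `nth + 1` allocates nothing while `nth >> 3u` still yields byte offset 0x1fffffff, next to a range-checked setter. Assumptions: `uint32_t` stands in for a 32-bit `size_t`, the index value -1 is constructed, and `index_is_valid` / `set_bit_checked` are hypothetical names, not the upstream 2.84 fix.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: models a 32-bit size_t so the wrap reproduces on any host. */
typedef uint32_t size32_t;

/* Bit count handed to the allocator: the report's "nth + 1". */
static size32_t bits_requested(int index) {
    size32_t nth = (size32_t)index;  /* int index cast to size_t nth */
    return nth + 1u;                 /* wraps to 0 when nth == 0xffffffff */
}

/* Byte offset later used by b->bits[nth >> 3u]. */
static size32_t byte_offset(int index) {
    return (size32_t)index >> 3u;
}

/* Hypothetical check: compare the index against the bitfield's real
 * size before doing any arithmetic on it. */
static bool index_is_valid(int64_t index, size32_t bit_count) {
    return index >= 0 && (uint64_t)index < bit_count;
}

/* Hypothetical hardened setter over a caller-sized buffer. */
static bool set_bit_checked(uint8_t *bits, size32_t bit_count, int64_t index) {
    if (bits == NULL || !index_is_valid(index, bit_count))
        return false;                /* reject instead of writing */
    bits[index >> 3] |= (uint8_t)(0x80u >> (index & 7));
    return true;
}

int main(void) {
    uint8_t bits[4] = {0};           /* constructed: bitfield for 32 pieces */
    int bad = -1;                    /* constructed: casts to 0xffffffff */

    printf("bits requested: %u\n", (unsigned)bits_requested(bad));
    printf("byte offset:    0x%x\n", (unsigned)byte_offset(bad));
    printf("checked write, index -1: %s\n",
           set_bit_checked(bits, 32, bad) ? "written" : "rejected");
    printf("checked write, index 9:  %s (bits[1]=0x%02x)\n",
           set_bit_checked(bits, 32, 9) ? "written" : "rejected",
           (unsigned)bits[1]);
    return 0;
}
```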
bugbot adjusting priority
242169 State:new By:dimstar When:2014-07-24T08:05:07
maintenance_incident: GNOME:Apps/transmission@d65de334f181d79b4c78563f1f40286c -> openSUSE:Maintenance (release in openSUSE:13.1:Update)
Descr: Release as online update for openSUSE 13.1

openSUSE-SU-2014:0980-1: An update that fixes one vulnerability is now available.
Category: security (moderate)
Bug References: 887079
CVE References: CVE-2014-4909
Sources used:
openSUSE 13.1 (src): transmission-2.82-2.4.1
Update released.