CVE-2008-5905

NameCVE-2008-5905
DescriptionThe web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs504178

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ktorrent (PTS)buster5.1.1-1fixed
bullseye5.2.0-2fixed
bookworm22.12.3-1fixed
sid, trixie22.12.3-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ktorrentsourceetch(not affected)
ktorrentsource(unstable)3.1.4+dfsg.1-1
ktorrent2.2source(unstable)2.2.8.dfsg.1-1504178

Notes

[etch] - ktorrent <not-affected> (Doesn't include the web interface)
Search for package or bug name: Reporting problems