uTorrent “announce” URL Handling Buffer Overflow
A potentially very dangerous vulnerability has been discovered in the latest version of the popular BitTorrent client uTorrent. It could be exploited by attackers to take complete control of an affected system. The issue is a buffer overflow when handling a .torrent file containing an overly long “announce” URL; remote attackers could exploit it to execute arbitrary commands by tricking a user into opening a specially crafted torrent file or visiting a malicious web page.
All versions of uTorrent are affected, including the latest version, 1.6 build 474, and prior. A working exploit is already circulating on the internet. No fixed version has been released yet, as this is very fresh. Although the exploit could be very dangerous, you first need to download the “infected” torrent and open it with this client. I recommend waiting for a new version of uTorrent (it should be available within a few hours, at most days) and downloading only from trusted websites such as NewTorrents.info, where all torrents are checked.
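The defensive check implied above, as an added example that is not part of the original post: a small bencode decoder that flags .torrent files whose announce or announce-list URLs exceed a length threshold before the file is handed to a client. The 1024-byte limit, the helper names and the two sample torrents are assumptions constructed for this example; the page does not give uTorrent's actual buffer size.

```python
ANNOUNCE_LIMIT = 1024  # constructed threshold: treat anything longer as suspicious

def bdecode(data: bytes, pos: int = 0):
    """Minimal bencode decoder; returns (value, next_offset)."""
    c = data[pos:pos + 1]
    if c == b"i":                                   # integer: i<digits>e
        end = data.index(b"e", pos)
        return int(data[pos + 1:end]), end + 1
    if c == b"l":                                   # list: l<items>e
        items, pos = [], pos + 1
        while data[pos:pos + 1] != b"e":
            item, pos = bdecode(data, pos)
            items.append(item)
        return items, pos + 1
    if c == b"d":                                   # dict: d<key><value>...e
        result, pos = {}, pos + 1
        while data[pos:pos + 1] != b"e":
            key, pos = bdecode(data, pos)
            result[key], pos = bdecode(data, pos)
        return result, pos + 1
    if c.isdigit():                                 # byte string: <len>:<bytes>
        colon = data.index(b":", pos)
        start, length = colon + 1, int(data[pos:colon])
        return data[start:start + length], start + length
    raise ValueError(f"bad bencode at offset {pos}")  # also stops on truncated input

def check_torrent(data: bytes, limit: int = ANNOUNCE_LIMIT) -> list:
    """Return (field, length) findings for tracker URLs longer than `limit` bytes."""
    meta, _ = bdecode(data)
    if not isinstance(meta, dict):
        raise ValueError("top-level bencode value is not a dict")
    findings = []
    announce = meta.get(b"announce")
    if isinstance(announce, bytes) and len(announce) > limit:
        findings.append(("announce", len(announce)))
    for tier in meta.get(b"announce-list", []):     # BEP 12 tiers: list of lists
        for url in (tier if isinstance(tier, list) else []):
            if isinstance(url, bytes) and len(url) > limit:
                findings.append(("announce-list", len(url)))
    return findings

def make_sample(announce: bytes) -> bytes:
    """Constructed minimal .torrent: the given announce URL plus a tiny info dict."""
    return (b"d8:announce" + str(len(announce)).encode() + b":" + announce
            + b"4:infod4:name4:test12:piece lengthi16384e6:pieces0:ee")

BENIGN = make_sample(b"http://tracker.example.org:6969/announce")
SUSPECT = make_sample(b"http://" + b"A" * 4096 + b"/announce")  # constructed, no payload
```

Running `check_torrent` over a directory of downloaded .torrent files before opening them gives a quick quarantine filter; an empty list means no oversized tracker URL was found.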

Comments (36)
It’s already fixed in the last beta (483).
http://download.utorrent.com/beta/utorrent-1.6.1-beta-build-483.exe
Thanks for the info, Martin. It will be really helpful for uTorrent users.
474 is not the newest beta; 483 is. I am not sure if the exploit is fixed in that.
http://download.utorrent.com/beta/utorrent-1.6.1-beta-build-483.exe
Thanks for the heads up… as a utorrent user, this information is vital
Thanks a lot for the post, Martin. My uTorrent is really slow and weird today; I was wondering why until I checked your post, now I see why! lol. Usually I’m getting 300-500 kb/s, now I’m getting only 10-20 kb/s.
haaaaaaaaaaaarrrrrrrrrrrrggggggggg!
It’s fixed in 483.
http://forum.utorrent.com/viewtopic.php?id=19775
Ya, I’ll be checking the “announce” URLs of my downloads closely.
Thanks for the heads up.
Follow Follow we will Follow BitSpirit, everywhere, anywhere, we will Follow on !
Follow Follow we will Follow BitComet, everywhere, anywhere, we will Follow on !
lol
Kick-ass info, M@ster, thx for the heads up.
Is BitSpirit any good, or BitComet? I tried Azureus and uTorrent; Azureus is crap and uTorrent is acting up real bad right now (overflow).
Any comments on which BitTorrent clients I should use?
ludde fixed it months ago in 483.
http://download.utorrent.com/beta/utorrent-1.6.1-beta-build-483.exe
If he fixed it in 483 I don’t see why he isn’t pushing it out through the auto-update feature.
And even with the beta version it’s still all screwy. I tried it, and all my torrents are from good sources.
Yeah, sure, NewTorrents; any public torrent site sucks.
The exploit only works on Windows XP SP1.
So most people don’t have to worry.
Welshboy
To the uninformed people who mistakenly think this vulnerability is affecting uTorrent’s download speed: the two are in no way related. If you happen to have slow speeds downloading from torrents today, it’s just a coincidence. Everyone likes to blame poor download speeds on everything under the sun, when it is almost always just natural fluctuations in the health of the torrents you happen to be downloading and the peers you happen to be connected to. For that matter, different clients don’t affect download speed much.
What this vulnerability is — if you click on a torrent that has a specially crafted announce URL, it could cause a buffer overflow and result in code execution.
@dbcch
OK, I see now! I’m still learning how to use torrents properly.
There are a lot of grey areas about torrent sharing that I’m learning every day! Thanks for the info!
@dbcch
Another reason to use only private trackers.
Question: why even care if you have an additional firewall, etc.?
And who does P2P without those?
lol darknessviking, it is an exploit for a service already running on your box, allowed by your firewall. So they would get a shell.
Once they have a shell they can turn off your firewall and do what they like. I wouldn’t worry too much though; I doubt many people will bother exploiting home user connections directly.
don’t use the evil commercial mpaa friendly utorrent =]
http://www.virustotal.com/vt/en/resultadof?f2d09b607a8ef9b556a965355c2d4cc9
Some firewalls, especially with allowed applications, have buffer-overflow prevention. It will shut down the app before it allows a buffer overflow. If your firewall doesn’t do that, it’s time to change firewalls.
Ta very much Martin for the heads up!
I can now relax my sphincter.
Did anybody even RTFA?
“* Works on XP SP1 and w2k sp1-4”
It means XP SP2 and Vista aren’t affected. If you haven’t yet upgraded to SP2, you deserve to get infected.
Right. Hopefully my Win2k SP5.1 isn’t affected, but I’m already using the latest beta (483), just in case…
New µTorrent 1.6.1 Build 488 – Final is released
http://download.utorrent.com/1.6.1/utorrent.exe
deXter: if you read the bug report, it says:
“‘Koepi’ (who first informed us on the channel) tested it on SP2, and supposedly, it did work.”
Anyway, there’s an official update out now:
Latest Version: µTorrent 1.6.1 Stable build 488
Download: http://download.utorrent.com/1.6.1/utorrent.exe
Changelog: http://download.utorrent.com/1.6.1/utorrent-1.6.1.txt
Changelog entry “Fix: Fix malformed .torrent exploit” applies to this one
If I already have uTorrent, is there any chance to get this virus?
Lol, it is ironic that an exploit which will mainly be used by people to create FTP servers to spread warez on university networks will affect people using BitTorrent, who wouldn’t have torrents to download if it wasn’t for the exploiters in the first place.
Having said that, other than uni LANs where students are running uTorrent, most users will be unaffected because their internet connections would be so relatively slow it wouldn’t be worth the hassle.
Well, the chance to get a virus is very low if you download torrents from trackers that are checked, I mean from secure trackers where uploaders will not put the exploit in the announce.
still getting slow speeds downloading