A vulnerability in uTorrent and Bittorrent, which is using uTorrent’s core, was discovered today that effects the BitTorrent 6.0 client,
uTorrent 1.7.x, uTorrent 1.6.x and uTorrent 1.8-alpha-7834. The Denial of Service vulnerability is made possible by the way the clients handle user data.
Basically said, uTorrent will crash if a user connects to it that sends a software version that is to long to be handled. This results in a crash of uTorrent. The attacker does not need to use Bittorrent at all to do that, a connection to the port that is being used by Bittorrent sending the to-long software version and a valid torrent hash is enough.
Code execution on the other hand is not possible. The uTorrent team reacted in less than one day and published a new version of their software 1.7.6 that handles the DOS vulnerability and three minor issues as well.
While it is not very likely that someone will actually exploit the vulnerability it is still advised to update immediately.
via Torrentfreak
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
uTorrent 1.7.7 fixes two remote crash bugsBittorrent Client uTorrent 3.0 Alpha Released
uTorrent 3 Final Bittorrent Client Released
uTorrent 1.8.2 Final
What Is Bittorrent DNA, Remote, And Should You Use It
Confirmed this bug works…
But will not work with privte tracker, you need to copy the SHA-1 hash manually from the torretn page you are downloading.