CVE-2010-0012 — HIGH (8.8) — White Hats Nepal

Vulnerability Description

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Transmissionbt	Transmission	1.22
Debian	Debian Linux	5.0
Opensuse	Opensuse	11.0

Related Weaknesses (CWE)

CWE-22

References

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlMailing List
http://secunia.com/advisories/37993Broken Link
http://secunia.com/advisories/38005Broken Link
http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+Broken Link
http://trac.transmissionbt.com/changeset/9829/Patch
http://trac.transmissionbt.com/wiki/Changes#version-1.77Broken Link
http://www.debian.org/security/2010/dsa-1967Third Party Advisory
http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.htPatch
http://www.openwall.com/lists/oss-security/2010/01/06/2Mailing List
http://www.openwall.com/lists/oss-security/2010/01/06/4Mailing List
http://www.vupen.com/english/advisories/2010/0071Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/55454Third Party AdvisoryVDB Entry
https://launchpad.net/bugs/500625Issue TrackingPatch
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.htmlMailing List
http://secunia.com/advisories/37993Broken Link

FAQ

What is CVE-2010-0012?

CVE-2010-0012 is a vulnerability with a CVSS score of 8.8 (HIGH). Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within ...

How severe is CVE-2010-0012?

CVE-2010-0012 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-0012?

Check the references section above for vendor advisories and patch information. Affected products include: Transmissionbt Transmission, Debian Debian Linux, Opensuse Opensuse.