![]() Guidelines on proper formatting of your messages. Open Source Software Security Wiki, which is counterpart to thisĬonfused about mailing lists and their use? So I'm not just asking for a CVE, but whether or not it's a flaw (I don't know enough about UPNP to hazard a guess).ĭownload attachment " signature.asc " of type "application/pgp-signature " (711 bytes) Either way, I suppose that anyone running such a bittorrent client isn't expecting that all ports start forwarding (but, as a result, I'm not sure if this is malfunctioning firewall which is where knowing whether or not this is according to spec would be good). I can't find any references on whether or not this is part of the UPNP spec or known behaviour, however. It was brought to my attention today that a potential flaw in rb_libtorrent exists where it will open UPNP port 0, which (by the description of the issue) opens all ports to the system running rb_libtorrent via the given firewall (so even if you had, say, only port 22 open to the machine to start, fire up an application using rb_libtorrent such as qbittorrent, and all ports are forwarding to that machine). Subject: possible CVE request: rb_libtorrent opens UPNP port 0 We’re committed to having a free version of BitTorrent available, supported by ads that help cover costs that app can be found here: bit.ly/XKUhsT –From the BitTorrent mobile team.Hash Suite - Windows password security audit tool.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |