transmission-daemon: CVE-2012-6129: Transmission can be made to crash remotely

Related Vulnerabilities: CVE-2012-6129  

Debian Bug report logs - #700234


Reported by: Josselin Mouette <joss@debian.org>

Date: Sun, 10 Feb 2013 11:18:02 UTC

Severity: grave

Tags: help, patch, security, upstream

Found in version transmission/2.52-3

Fixed in versions transmission/2.76-1, transmission/2.52-3+nmu1

Done: Josselin Mouette <joss@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://trac.transmissionbt.com/ticket/5002



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Leo Costela <costela@debian.org>:
Bug#700234; Package transmission-daemon. (Sun, 10 Feb 2013 11:18:05 GMT)


Acknowledgement sent to Josselin Mouette <joss@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Leo Costela <costela@debian.org>. (Sun, 10 Feb 2013 11:18:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Josselin Mouette <joss@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: transmission-daemon: Transmission can be made to crash remotely
Date: Sun, 10 Feb 2013 11:50:11 +0100
Package: transmission-daemon
Version: 2.52-3
Severity: grave
Tags: security patch upstream
Justification: user security hole

The transmission-daemon package in wheezy crashes regularly. According 
to upstream this is a remote security hole (at least a remote DoS, but 
most probably there is a way to take control of the process).

https://trac.transmissionbt.com/ticket/5044
https://trac.transmissionbt.com/ticket/5002

Apparently there is no CVE assigned. The bug is fixed upstream and I’m 
attaching the patch. I’m currently testing a patched package, and will 
report whether the fix is sufficient.

Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'
  `-
[fix_libutp_crash.patch (text/x-diff, attachment)]

Information forwarded to debian-bugs-dist@lists.debian.org, Leo Costela <costela@debian.org>:
Bug#700234; Package transmission-daemon. (Sun, 10 Feb 2013 12:27:05 GMT)


Acknowledgement sent to Yves-Alexis Perez <corsac@debian.org>:
Extra info received and forwarded to list. Copy sent to Leo Costela <costela@debian.org>. (Sun, 10 Feb 2013 12:27:05 GMT)


Message #10 received at 700234@bugs.debian.org:

From: Yves-Alexis Perez <corsac@debian.org>
To: oss-security@lists.openwall.com
Cc: 700234@bugs.debian.org, Josselin Mouette <joss@debian.org>
Subject: CVE request: Transmission can be made to crash remotely
Date: Sun, 10 Feb 2013 13:22:28 +0100
On Sun., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
> Package: transmission-daemon
> Version: 2.52-3
> Severity: grave
> Tags: security patch upstream
> Justification: user security hole
> 
> The transmission-daemon package in wheezy crashes regularly. According 
> to upstream this is a remote security hole (at least a remote DoS, but 
> most probably there is a way to take control of the process).
> 
> https://trac.transmissionbt.com/ticket/5044
> https://trac.transmissionbt.com/ticket/5002
> 
> Apparently there is no CVE assigned. The bug is fixed upstream and I’m 
> attaching the patch. I’m currently testing a patched package, and will 
> report whether the fix is sufficient.
> 
Could a CVE be assigned for this?

Thanks in advance,
-- 
Yves-Alexis

Information forwarded to debian-bugs-dist@lists.debian.org, Leo Costela <costela@debian.org>:
Bug#700234; Package transmission-daemon. (Tue, 12 Feb 2013 19:18:03 GMT)


Acknowledgement sent to Josselin Mouette <joss@debian.org>:
Extra info received and forwarded to list. Copy sent to Leo Costela <costela@debian.org>. (Tue, 12 Feb 2013 19:18:03 GMT)


Message #15 received at 700234@bugs.debian.org:

From: Josselin Mouette <joss@debian.org>
To: 700234@bugs.debian.org
Subject: Patch confirmed working
Date: Tue, 12 Feb 2013 19:41:04 +0100
I’ve been running the patched daemon for a couple days and it seems to
work fine.
-- 
 .''`.      Josselin Mouette
: :' :
`. `'
  `-

Information forwarded to debian-bugs-dist@lists.debian.org, Leo Costela <costela@debian.org>:
Bug#700234; Package transmission-daemon. (Wed, 13 Feb 2013 07:54:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Leo Costela <costela@debian.org>. (Wed, 13 Feb 2013 07:54:03 GMT)


Message #20 received at 700234@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Yves-Alexis Perez <corsac@debian.org>, 700234@bugs.debian.org
Cc: Josselin Mouette <joss@debian.org>
Subject: Re: Bug#700234: CVE request: Transmission can be made to crash remotely
Date: Wed, 13 Feb 2013 08:51:59 +0100
Control: retitle 700234 transmission-daemon: CVE-2012-6129: Transmission can be made to crash remotely

Hi

On Sun, Feb 10, 2013 at 01:22:28PM +0100, Yves-Alexis Perez wrote:
> On Sun., 2013-02-10 at 11:50 +0100, Josselin Mouette wrote:
> > Package: transmission-daemon
> > Version: 2.52-3
> > Severity: grave
> > Tags: security patch upstream
> > Justification: user security hole
> > 
> > The transmission-daemon package in wheezy crashes regularly. According 
> > to upstream this is a remote security hole (at least a remote DoS, but 
> > most probably there is a way to take control of the process).
> > 
> > https://trac.transmissionbt.com/ticket/5044
> > https://trac.transmissionbt.com/ticket/5002
> > 
> > Apparently there is no CVE assigned. The bug is fixed upstream and I’m 
> > attaching the patch. I’m currently testing a patched package, and will 
> > report whether the fix is sufficient.
> > 
> Could a CVE be assigned for this?

A CVE was assigned to this now: CVE-2012-6129.

Regards,
Salvatore



Changed Bug title to 'transmission-daemon: CVE-2012-6129: Transmission can be made to crash remotely' from 'transmission-daemon: Transmission can be made to crash remotely'. Request was from Salvatore Bonaccorso <carnil@debian.org> to 700234-submit@bugs.debian.org. (Wed, 13 Feb 2013 07:54:03 GMT)


Added tag(s) help. Request was from Leo 'costela' Antunes <costela@debian.org> to control@bugs.debian.org. (Thu, 14 Feb 2013 16:15:08 GMT)


Marked as fixed in versions transmission/2.76-1. Request was from Leo 'costela' Antunes <costela@debian.org> to control@bugs.debian.org. (Thu, 14 Feb 2013 16:15:08 GMT)


Set Bug forwarded-to-address to 'https://trac.transmissionbt.com/ticket/5002'. Request was from Leo 'costela' Antunes <costela@debian.org> to control@bugs.debian.org. (Thu, 14 Feb 2013 16:15:09 GMT)


Information forwarded to debian-bugs-dist@lists.debian.org, Leo Costela <costela@debian.org>:
Bug#700234; Package transmission-daemon. (Thu, 14 Feb 2013 16:27:06 GMT)


Acknowledgement sent to Leo 'costela' Antunes <costela@debian.org>:
Extra info received and forwarded to list. Copy sent to Leo Costela <costela@debian.org>. (Thu, 14 Feb 2013 16:27:06 GMT)


Message #33 received at 700234@bugs.debian.org:

From: Leo 'costela' Antunes <costela@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 700234@bugs.debian.org
Cc: Yves-Alexis Perez <corsac@debian.org>, Josselin Mouette <joss@debian.org>
Subject: Re: Bug#700234: CVE request: Transmission can be made to crash remotely
Date: Thu, 14 Feb 2013 17:17:30 +0100
Hey guys,

On 13/02/13 08:51, Salvatore Bonaccorso wrote:
> A CVE was assigned to this now: CVE-2012-6129.

Thanks for all the work!
I'm unfortunately seriously swamped at least until next Wednesday and
would really appreciate an NMU (and if it's not asking too much, that
the NMU changes be committed to the collab-maint repo).

Thanks again and sorry for the uselessness! :/

Cheers

-- 
Leo "costela" Antunes
[insert a witty retort here]

Added tag(s) pending. Request was from Josselin Mouette <joss@debian.org> to control@bugs.debian.org. (Thu, 14 Feb 2013 19:18:04 GMT)


Reply sent to Josselin Mouette <joss@debian.org>:
You have taken responsibility. (Thu, 14 Feb 2013 19:21:04 GMT)


Notification sent to Josselin Mouette <joss@debian.org>:
Bug acknowledged by developer. (Thu, 14 Feb 2013 19:21:04 GMT)


Message #40 received at 700234-close@bugs.debian.org:

From: Josselin Mouette <joss@debian.org>
To: 700234-close@bugs.debian.org
Subject: Bug#700234: fixed in transmission 2.52-3+nmu1
Date: Thu, 14 Feb 2013 19:17:58 +0000
Source: transmission
Source-Version: 2.52-3+nmu1

We believe that the bug you reported is fixed in the latest version of
transmission, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 700234@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <joss@debian.org> (supplier of updated transmission package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 14 Feb 2013 19:41:13 +0100
Source: transmission
Binary: transmission transmission-common transmission-dbg transmission-cli transmission-gtk transmission-qt transmission-daemon
Architecture: source all amd64
Version: 2.52-3+nmu1
Distribution: unstable
Urgency: medium
Maintainer: Leo Costela <costela@debian.org>
Changed-By: Josselin Mouette <joss@debian.org>
Description: 
 transmission - lightweight BitTorrent client
 transmission-cli - lightweight BitTorrent client (command line programs)
 transmission-common - lightweight BitTorrent client (common files)
 transmission-daemon - lightweight BitTorrent client (daemon)
 transmission-dbg - lightweight BitTorrent client (debug symbols)
 transmission-gtk - lightweight BitTorrent client (GTK interface)
 transmission-qt - lightweight BitTorrent client (Qt interface)
Closes: 700234
Changes: 
 transmission (2.52-3+nmu1) unstable; urgency=medium
 .
   * Non-maintainer upload with maintainer’s permission.
   * CVE-2012-6129_libutp_crash.patch: SECURITY - backport upstream
     commit r13646 to fix a crasher that could be exploited remotely.
   * Closes: #700234, CVE-2012-6129.


Information forwarded to debian-bugs-dist@lists.debian.org, Leo Costela <costela@debian.org>:
Bug#700234; Package transmission-daemon. (Thu, 14 Feb 2013 19:48:08 GMT)


Acknowledgement sent to Josselin Mouette <joss@debian.org>:
Extra info received and forwarded to list. Copy sent to Leo Costela <costela@debian.org>. (Thu, 14 Feb 2013 19:48:09 GMT)


Message #45 received at 700234@bugs.debian.org:

From: Josselin Mouette <joss@debian.org>
To: 700234@bugs.debian.org
Subject: transmission: diff for NMU version 2.52-3+nmu1
Date: Thu, 14 Feb 2013 20:03:39 +0100
tags 700234 + pending
thanks

Dear maintainer,

as requested, I've prepared an NMU for transmission (versioned as 
2.52-3+nmu1) and uploaded it to unstable.

Note that I haven’t committed the changes to git, because the repository 
includes not-yet-uploaded changes in the wheezy branch and I don’t know 
how you want to handle them.


Cheers,
-- 
 .''`.      Josselin Mouette
: :' :
`. `'
  `-
[transmission-2.52-3+nmu1-nmu.diff (text/x-diff, attachment)]

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 20 Mar 2013 07:26:12 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:18:43 2019; Machine Name: buxtehude
