oss-sec mailing list archives
possible CVE request: rb_libtorrent opens UPNP port 0
From: "Vincent Danen" <vdanen () redhat com>
Date: Tue, 24 Jun 2014 08:18:26 -0600
It was brought to my attention today that a potential flaw in rb_libtorrent exists where it will open UPNP port 0, which (by the description of the issue) opens all ports to the system running rb_libtorrent via the given firewall (so even if you had, say, only port 22 open to the machine to start, fire up an application using rb_libtorrent such as qbittorrent, and all ports are forwarding to that machine). I can't find any references on whether or not this is part of the UPNP spec or known behaviour, however. Either way, I suppose that anyone running such a bittorrent client isn't expecting that all ports start forwarding (but, as a result, I'm not sure if this is malfunctioning firewall which is where knowing whether or not this is according to spec would be good). So I'm not just asking for a CVE, but whether or not it's a flaw (I don't know enough about UPNP to hazard a guess). Here's some references: https://github.com/qbittorrent/qBittorrent/issues/1758 https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134652.html https://bugs.mageia.org/show_bug.cgi?id=13582 -- Vincent Danen / Red Hat Product Security
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- possible CVE request: rb_libtorrent opens UPNP port 0 Vincent Danen (Jun 24)
- Re: possible CVE request: rb_libtorrent opens UPNP port 0 Vincent Danen (Jun 24)