As reported by ArsTechnica, there happens to be a critical weakness in the widely used Transmission BitTorrent app that allows websites to execute malicious code on some users’ computers.

Tavis Ormandy, a researcher working with Google’s Project Zero vulnerability reporting team, stated that there is a Transmission function that allows users to control the BitTorrent app with their Web browser.

According to Ormandy’s proof-of-attack, using a hacking technique known as domain name system rebinding, the Transmission interface can be remotely controlled when a vulnerable user visits a malicious site. He states that his exploit works on popular web browsers such as Chrome and Firefox, and is applicable to both Windows and Linux.

As per his exploit, attackers can take control of users’ systems by creating a DNS name they are authorized to communicate with and then making it resolve to the localhost name of the vulnerable computer. In a separate post while publishing the patch for the same, Ormandy stated the attack takes place in the following manner:

1. A user visits, which has an to a subdomain the attacker controls.
2. The attacker configures their DNS server to respond alternately with 127.0.0.1 and 123.123.123.123 (an address they control) with a very low TTL.
3. When the browser resolves to 123.123.123.123, they serve HTML that waits for the DNS entry to expire (or force it to expire by flooding the cache with lookups), then they have permission to read and set headers.

Using the above exploit, the attacker can change the Torrent download directory to the user’s home directory and then make Transmission download a Torrent called “.bashrc”, which would automatically be executed the next time the user opened a bash shell. Attackers also gain the ability to remotely configure Transmission to run any command of their choosing after a download has been completed.

Any vulnerability that is reported by Project Zero is usually withheld for a period of 90 days or until the developer has released a fix before going public. That being said, the researcher has disclosed the vulnerability just 40 days after the initial report, considering the fact that “Transmission developers are not responding on their private security list.” According to Ormandy, “I suggested moving this into the open so that distributions can apply the patch independently.”

While Ormandy understands that the threat is of “relatively low complexity”, he states that this is exactly the reason why he is eager to make sure everyone is patched.

In a response to ArsTechnica, a Transmission development official stated that he expected an official fix to be released “ASAP” but was not specific. According to him, the vulnerability was present only when users enabled remote access and disabled password protection.

As of now, there is no official word on when Transmission will be releasing an update for the fix. That being said, we recommend that readers enable password protection using the inbuilt JSON RPC interface.
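
The DNS behaviour in Ormandy's description (one name answering alternately with 127.0.0.1 and an attacker-controlled address, at a very low TTL) leaves a pattern that resolver logs can be checked for. The Python below is an added example, not code from Ormandy's report or from Transmission; the log record layout, the hostnames, the extra addresses and the thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed resolver log records: (epoch seconds, queried name, answer, TTL).
# Hostnames are placeholders; only 127.0.0.1 and 123.123.123.123 come from the article.
SAMPLE_LOG = [
    (1000, "cdn.example.net", "198.51.100.20", 300),
    (1001, "a.rebind.example", "123.123.123.123", 1),
    (1003, "a.rebind.example", "127.0.0.1", 1),
    (1004, "a.rebind.example", "123.123.123.123", 1),
    (1010, "printer.corp.example", "10.0.0.15", 3600),
    (1020, "slow.example.org", "203.0.113.7", 600),
    (2000, "slow.example.org", "127.0.0.1", 600),
]

# Addresses that only make sense on the local host or local network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def find_rebinding(records, max_ttl=10, window=60):
    """Return {name: reason} for names whose consecutive answers flip
    between an external and an internal address within `window` seconds
    while both answers carry a TTL of at most `max_ttl` seconds."""
    by_name = defaultdict(list)
    for ts, name, answer, ttl in records:
        by_name[name.lower().rstrip(".")].append((ts, is_internal(answer), ttl))
    findings = {}
    for name, seen in by_name.items():
        seen.sort()  # chronological order
        for (t1, in1, ttl1), (t2, in2, ttl2) in zip(seen, seen[1:]):
            ttl = max(ttl1, ttl2)
            if in1 != in2 and t2 - t1 <= window and ttl <= max_ttl:
                findings[name] = f"internal/external flip in {t2 - t1}s, ttl<={ttl}"
                break
    return findings

if __name__ == "__main__":
    for name, reason in find_rebinding(SAMPLE_LOG).items():
        print(name, "->", reason)
```

With the default thresholds only the name that alternates within seconds is reported; loosening `max_ttl` and `window` also surfaces slower flips such as the constructed `slow.example.org` record.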