Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Published

2010-01-08T17:30:02.317

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	transmissionbt	transmission	1.22	Yes
Application	transmissionbt	transmission	1.34	Yes
Application	transmissionbt	transmission	1.75	Yes
Application	transmissionbt	transmission	1.76	Yes
Operating System	debian	debian_linux	5.0	Yes
Operating System	opensuse	opensuse	11.0	Yes
Operating System	opensuse	opensuse	11.1	Yes
Operating System	opensuse	opensuse	11.2	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html Mailing List ([email protected])
http://secunia.com/advisories/37993 Broken Link ([email protected])
http://secunia.com/advisories/38005 Broken Link ([email protected])
http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz Broken Link ([email protected])
http://trac.transmissionbt.com/changeset/9829/ Patch ([email protected])
http://trac.transmissionbt.com/wiki/Changes#version-1.77 Broken Link ([email protected])
http://www.debian.org/security/2010/dsa-1967 Third Party Advisory ([email protected])
http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html Patch ([email protected])
http://www.openwall.com/lists/oss-security/2010/01/06/2 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2010/01/06/4 Mailing List ([email protected])
http://www.vupen.com/english/advisories/2010/0071 Permissions Required ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/55454 Third Party Advisory, VDB Entry ([email protected])
https://launchpad.net/bugs/500625 Issue Tracking, Patch ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/37993 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/38005 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://trac.transmissionbt.com/changeset/9829/ Patch (af854a3a-2127-422b-91ae-364da2661108)
http://trac.transmissionbt.com/wiki/Changes#version-1.77 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2010/dsa-1967 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mail-archive.com/debian-devel-changes%40lists.debian.org/msg264483.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2010/01/06/2 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2010/01/06/4 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2010/0071 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/55454 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.net/bugs/500625 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)