Launchpad CVE tracker

CVE 2010-0012

Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file.

Related bugs and status

CVE-2010-0012 (Candidate) is related to these bugs:

Bug #496503: Update transmission to 1.80b5

Summary				In	Importance	Status
	496503	Update transmission to 1.80b5		transmission (Ubuntu)	Wishlist	Fix Released

Bug #500625: Local file overwriting due to directory traversal

		In	Importance	Status
500625	Local file overwriting due to directory traversal	transmission (Ubuntu)	Medium	Fix Released
500625	Local file overwriting due to directory traversal	transmission (Ubuntu Hardy)	Medium	Fix Released
500625	Local file overwriting due to directory traversal	transmission (Ubuntu Intrepid)	Medium	Fix Released
500625	Local file overwriting due to directory traversal	transmission (Ubuntu Karmic)	Medium	Fix Released
500625	Local file overwriting due to directory traversal	transmission (Ubuntu Lucid)	Medium	Fix Released
500625	Local file overwriting due to directory traversal	transmission (Ubuntu Jaunty)	Medium	Fix Released
500625	Local file overwriting due to directory traversal	Hardy Backports	Medium	Won't Fix

Bug #508178: [transmission] Local file overwriting due to directory traversal

Summary				In	Importance	Status
	508178	[transmission] Local file overwriting due to directory traversal		Hardy Backports	Undecided	New

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-0012

References