
Forum Thread: PSI not detecting vulnerable uTorrent 1.x and 2.x correctly

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Programs

Relating to this vendor:
BitTorrent, Inc
And, this specific program:
uTorrent for Windows 2.x

This thread has been marked as locked.
tanstaafl PSI not detecting vulnerable uTorrent 1.x and 2.x correctly
Member 30th Aug, 2010 21:43
Ranking: 1
Posts: 3
User Since: 23rd Feb, 2009
System Score: N/A
Location: US
uTorrent recently released version 2.0.4 to fix the dll loading vulnerability. I've installed the latest update (uTorrent 2.0.4 build 21586) and I also have backups of some older uTorrent versions still on my system. The backups aren't being run, but all of them are in directories scanned by Secunia PSI.

I just scanned my computer with the Secunia PSI, and that incorrectly detected a backup copy of the uTorrent 2.0.4 build 21515 executable as insecure. It's buggy, yes, but not subject to the exploit.

The Secunia PSI scan did not detect backup copies of 1.8.1, 1.8.5, or 2.0.0 as insecure, even though those are all insecure versions.

Before posting here, I asked in the uTorrent 2.0.4 release thread (on the uTorrent web site) to confirm the specific versions subject to the exploit, and was told:

"ALL versions with a build number lower than 21515 are potentially vulnerable, not just 2.x.x lines.

It doesn't matter what version of uTorrent it is (windows only), if its build number is lower than 21515, it is potentially vulnerable to this exploit."

So it looks to me like the Secunia database needs to be updated to properly detect the insecure uTorrent versions.

For more information, here's a link to the uTorrent 2.0.4 release thread on the uTorrent web site:

http://forum.utorrent.com/viewtopic.php?id=82840&p...

Anthony Wells RE: PSI not detecting vulnerable uTorrent 1.x and 2.x correctly
Expert Contributor 30th Aug, 2010 22:10
Score: 2437
Posts: 3,323
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 30th Aug, 2010 22:29
Hi @tanstaafl,

To clarify things; the SA refers to only version 2.0.4 with no mention of builds and your link shows all 3 builds including 21431 as "patching" the vulnerability:

http://secunia.com/advisories/41051/

Like you I have build 21586 showing in the patched tab of the PSI; for Secunia to get their detection rules correct, it might help if you can confirm whether only two or all three builds patch the .dll vulnerability.

Where exactly are your back up versions installed and do they display in the "patched" tab or not at all?? The PSI will scan anything it can get its hands on. Secunia would need more info to see/say whether your back-ups can/should be detected and results displayed ***.

Hopefully Support will pick up on this matter tomorrow.

Take care

Anthony

EDIT ***: silly question, have you set ignore rules for your backup locations by any chance??

--


It always seems impossible until it's done.
Nelson Mandela
tanstaafl RE: PSI not detecting vulnerable uTorrent 1.x and 2.x correctly
Member 31st Aug, 2010 00:32
Score: 1
Posts: 3
User Since: 23rd Feb 2009
System Score: N/A
Location: US
Just to get the record straight: I'm not on the uTorrent team or particularly knowledgeable. I'm just a user of the program, and all I really know about all this is what's posted in the 2.0.4 release thread in the uTorrent forums (link in my first post above).

To answer the silly question first: I have no ignore rules set.

Here's what Secunia reports on the patched and insecure tabs for uTorrent:

-------------------------------------------------- --------------------------

On the patched tab:

"uTorrent 1.x 1.8.5.17091
uTorrent 1.x
This installation of uTorrent 1.x was detected as being patched.

The Secunia PSI has not detected any missing security related patches for this program. No further actions are currently needed.
Installation Path
C:\My Program Files\uTorrent 1-8-5\uTorrent 1-8-5 - Program & settings\utorrent.exe"

The above is an insecure 1.8.5 version, which I stopped using when I found out about the security issue. Should be on the insecure tab.

-------------------------------------------------- --------------------------

Also on the patched tab:

"uTorrent 2.x 2.0.4.21586
uTorrent 2.x
This installation of uTorrent 2.x was detected as being patched.

The Secunia PSI has not detected any missing security related patches for this program. No further actions are currently needed.
Installation Path
C:\My Program Files\uTorrent\utorrent.exe"

This is the 2.0.4 build 21586 version I'm currently using. This is the latest secure version, so the patched tab is the correct place for it.

-------------------------------------------------- --------------------------

And on the Insecure tab:

uTorrent 2.x 2.0.4.21515
uTorrent 2.x
This installation of uTorrent 2.x is insecure and potentially exposes your system to security threats!

Secunia strongly recommends that you update this program by installing the update that is provided by the vendor of this program.
Installation Path
D:\Data Files\ZipSaves\utorrent\uTorrent 2.0.4\utorrent.exe

This is my backup of uTorrent 2.0.4 build 21515. Buggy but has the patch to fix the exploit. Should be on the patched tab.

-------------------------------------------------- --------------------------

Not listed on any of the Secunia tabs are these backup copies:

"D:\Data Files\ZipSaves\utorrent\utorrent 1.8.1\utorrent.exe" (Version 1.8.1; Build 12616) Insecure, but not listed on any tab.

"D:\Data Files\ZipSaves\utorrent\utorrent 1.8.5\utorrent.exe" (Version 1.8.5; Build 17091) Insecure, but not listed on any tab. This same file version, on the 'C:' drive, is listed on the patched tab.

"D:\Data Files\ZipSaves\utorrent\uTorrent 2.0\utorrent.exe" This may be a corrupt file; the file 'Properties | Details' doesn't show the version, file name, etc.

-------------------------------------------------- --------------------------

That's all I can think of at the moment; real life is calling so I've got to stop here. If I think of more, I'll try to get back to this later.
This user no longer exists RE: PSI not detecting vulnerable uTorrent 1.x and 2.x correctly
Member 31st Aug, 2010 09:42
Hi,

For the files not being detected, could you submit a software suggestion for each?
To do this, scroll to the bottom of the Patched or Insecure tab, and click "Program Missing?".

Please put "Attn: Emil" in the name field.
E.Jeppesen RE: PSI not detecting vulnerable uTorrent 1.x and 2.x correctly
Secunia Official 31st Aug, 2010 10:11
Score: 220
Posts: 618
User Since: 24th Nov 2008
System Score: N/A
Location: Copenhagen, DK
To be patched using uTorrent 1.x you currently need version 1.8.0.
To be patched using uTorrent 2.x you currently need version 2.0.4.

I have installed both uTorrent 1.8.1 build 12616 and uTorrent 1.8.5 build 17091. Both were correctly detected as patched.
tanstaafl RE: PSI not detecting vulnerable uTorrent 1.x and 2.x correctly
Member 31st Aug, 2010 13:02
Score: 1
Posts: 3
User Since: 23rd Feb 2009
System Score: N/A
Location: US
Last edited on 31st Aug, 2010 13:23
on 31st Aug, 2010 09:42, wrote:
Hi,

For the files not being detected, could you submit a software suggestion for each?
To do this, scroll to the bottom of the Patched or Insecure tab, and click "Program Missing?".

Please put "Attn: Emil" in the name field.


Done.

(I didn't submit the undetected 2.0 version I listed in my previous post, because I think the file is corrupt: doesn't display the uTorrent icon and it's missing a lot of info on the Properties tabs.)
This user no longer exists RE: PSI not detecting vulnerable uTorrent 1.x and 2.x correctly
Member 1st Sep, 2010 09:35
Hi,

If you scan again, all your instances of uTorrent should hopefully be shown.
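
The thread states two different rules for deciding whether a uTorrent executable is patched: the build threshold quoted from the uTorrent forum and the per-branch minimum versions given in the Secunia reply. The following is an added example, not part of the thread and not Secunia's detection logic; it applies both rules to the file versions reported above and lists where they disagree. The function names and the inventory list are constructed for illustration.

```python
from typing import NamedTuple, Optional

# Both rules are taken from posts in this thread; this is not PSI's rule set.
BUILD_THRESHOLD = 21515                     # uTorrent forum quote: lower builds are potentially vulnerable
MIN_PATCHED = {1: (1, 8, 0), 2: (2, 0, 4)}  # Secunia reply: minimum patched version per branch

class FileVersion(NamedTuple):
    major: int
    minor: int
    patch: int
    build: int

def parse_file_version(text: str) -> FileVersion:
    """Parse a four-part Windows file version such as '2.0.4.21586'."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return FileVersion(*(int(p) for p in parts))

def patched_by_build(v: FileVersion) -> bool:
    return v.build >= BUILD_THRESHOLD

def patched_by_branch(v: FileVersion) -> Optional[bool]:
    minimum = MIN_PATCHED.get(v.major)
    return None if minimum is None else v[:3] >= minimum

def compare_rules(versions):
    """Return (version text, build-rule verdict, branch-rule verdict); None = cannot decide."""
    rows = []
    for text in versions:
        try:
            v = parse_file_version(text)
        except ValueError:
            rows.append((text, None, None))  # e.g. a file with no version resource
            continue
        rows.append((text, patched_by_build(v), patched_by_branch(v)))
    return rows

def disagreements(versions):
    return [t for t, by_build, by_branch in compare_rules(versions) if by_build != by_branch]

# Constructed inventory: the file versions reported in the thread, plus an empty
# string standing in for the 2.0 copy whose properties show no version.
INVENTORY = ["1.8.1.12616", "1.8.5.17091", "2.0.4.21515", "2.0.4.21586", ""]

if __name__ == "__main__":
    for text, by_build, by_branch in compare_rules(INVENTORY):
        print(f"{text or '<no version>':<14} build rule: {by_build}  branch rule: {by_branch}")
    print("rules disagree on:", disagreements(INVENTORY))
```

The two rules disagree only on the 1.x copies. Neither rule marks 2.0.4.21515 as insecure, so that result in the scan comes from something other than these two stated rules.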