{ "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2010-0012", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a pathname within a .torrent file." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://trac.transmissionbt.com/wiki/Changes#version-1.77", "refsource": "CONFIRM", "url": "http://trac.transmissionbt.com/wiki/Changes#version-1.77" }, { "name": "[oss-security] 20100106 Re: CVE Request: Transmission", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/01/06/4" }, { "name": "https://launchpad.net/bugs/500625", "refsource": "CONFIRM", "url": "https://launchpad.net/bugs/500625" }, { "name": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz", "refsource": "CONFIRM", "url": "http://security.debian.org/pool/updates/main/t/transmission/transmission_1.22-1+lenny2.diff.gz" }, { "name": "http://trac.transmissionbt.com/changeset/9829/", "refsource": "CONFIRM", "url": "http://trac.transmissionbt.com/changeset/9829/" }, { "name": "38005", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38005" }, { "name": "ADV-2010-0071", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0071" }, { "name": "DSA-1967", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-1967" }, { "name": "transmission-name-directory-traversal(55454)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55454" }, { "name": "[oss-security] 20100106 CVE Request: Transmission", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2010/01/06/2" }, { "name": "37993", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/37993" }, { "name": "SUSE-SA:2010:008", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html" }, { "name": "[debian-devel-changes] 20100105 Accepted transmission 1.77-1 (source all amd64)", "refsource": "MLIST", "url": "http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg264483.html" } ] } }