uTorrent 1.7.7 Stable Released

Fixes security issue that allowed hackers to execute DOS attacks via WebUI and the potential to do so with extension protocol.

Earlier this month it was reported how the uTorrent BitTorrent server server was vulnerable to a remote crash bug via WebUI.

Luigi Auriemma, the security expert who discovered the flaw, pointed it out in his advisory listing page. He wrote:

Exists a problem with the handling of the Range header received in the HTTP request of the browser which can be exploited for crashing the remote uTorrent/BitTorrent client if the WebUI interface is in use.

For doing this is enough that an attacker sends some consecutive HTTP requests using a Range header which increases each time. After about 40 connections the client crashes due to the access to the end of the available memory.

uTorrent developers were to quick to release an updated version that addressed the remote crash bug, but not the (potential) remote crash bug with extension protocol. uTorrent 1.7.7 Stable does.

RELEASE NOTES:
2008-01-25: Version 1.7.7 (build 8179)

• Fix: remote crash bug in WebUI
• Fix: (potential) remote crash bug with extension protocol (affects all 1.4, 1.5, 1.6, 1.7, and 1.8 builds released to date)

DOWNLOAD uTORRENT 1.7.7 STABLE

Related Posts

1. uTorrent 1.7 Stable is Released
2. uTorrent version 1.6.1 build 488 STABLE is released
3. uTorrent Version 1.8 Stable Released
4. uTorrent for Mac Beta Released
5. uTorrent “Highly Critical” Vulnerability Discovered