Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <c0f13ad0-6b77-4071-b59e-db67aae48120@gentoo.org>
Date: Thu, 31 Oct 2024 00:27:51 -0400
From: Eli Schwartz <eschwartz@...too.org>
To: Sec Guy <0xsee4@...il.com>, oss-security@...ts.openwall.com
Subject: Re: qBittorrent RCE, Browser Hijacking vulnerabilities

On 10/30/24 7:43 PM, Sec Guy wrote:
> The secondary impact for all platforms is the update RSS feed can be
> poisoned with malicious update URLs which the user will open in their
> browser if they accept the prompt to update. This is browser hijacking and
> arbitrary exe delivery to a user who would likely trust whatever URL this
> software sent them to.


I researched this for our tracking ticket: https://bugs.gentoo.org/942569

The update RSS feed is activated here:

https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L308C1-L316

Dialog:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L1628-L1682

CheckProgramUpdate:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L1857-L1875


Settings loader:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L1413-L1430


Prefs window:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/base/preferences.cpp#L1372-L1385

All this code is conditionally compiled under the condition:

#if defined(Q_OS_WIN) || defined(Q_OS_MACOS)


So, this secondary impact is, like the first impact, only an impact on
certain platforms -- two this time, instead of just one.


-- 
Eli Schwartz


Download attachment "OpenPGP_signature.asc" of type "application/pgp-signature" (237 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.