Message-ID: <c0f13ad0-6b77-4071-b59e-db67aae48120@gentoo.org>
Date: Thu, 31 Oct 2024 00:27:51 -0400
From: Eli Schwartz <eschwartz@...too.org>
To: Sec Guy <0xsee4@...il.com>, oss-security@...ts.openwall.com
Subject: Re: qBittorrent RCE, Browser Hijacking vulnerabilities
On 10/30/24 7:43 PM, Sec Guy wrote:
> The secondary impact for all platforms is the update RSS feed can be
> poisoned with malicious update URLs which the user will open in their
> browser if they accept the prompt to update. This is browser hijacking and
> arbitrary exe delivery to a user who would likely trust whatever URL this
> software sent them to.
I researched this for our tracking ticket: https://bugs.gentoo.org/942569
The update RSS feed is activated here:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L308C1-L316
Dialog:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L1628-L1682
CheckProgramUpdate:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L1857-L1875
Settings loader:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/gui/mainwindow.cpp#L1413-L1430
Prefs window:
https://github.com/qbittorrent/qBittorrent/blob/84d895231cb5b67661042deae22d14b5f386342b/src/base/preferences.cpp#L1372-L1385
All this code is conditionally compiled under the condition:
#if defined(Q_OS_WIN) || defined(Q_OS_MACOS)
So, this secondary impact is, like the first impact, only an impact on
certain platforms -- two this time, instead of just one.
--
Eli Schwartz
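To make the scope argument above concrete, here is an added example that is not qBittorrent's code and not part of the original mail. It mirrors the `#if defined(Q_OS_WIN) || defined(Q_OS_MACOS)` gate (using the compiler's own platform macros as a stand-in for Qt's qglobal.h, since the snippet assumes no Qt headers) so a reader can see which builds even contain the update-check path, and it adds a hypothetical hardening check, `isAcceptableUpdateUrl`, of the kind a maintainer would want in front of the "open this update URL in the browser" step: require https and a host on a fixed allowlist, so a poisoned feed entry cannot redirect the user. The host name `updates.example.org` and all sample URLs are constructed for the example.

```cpp
#include <cassert>
#include <string>
#include <string_view>
#include <vector>

// Stand-in for Qt's Q_OS_* macros (assumption: no Qt headers available here;
// derived from the compiler's platform macros, as qglobal.h does).
#if defined(_WIN32)
#  define Q_OS_WIN
#elif defined(__APPLE__)
#  define Q_OS_MACOS
#endif

// Mirrors the gate quoted in the mail: the update-check code only exists in
// Windows and macOS builds; on every other platform it is not compiled at all.
#if defined(Q_OS_WIN) || defined(Q_OS_MACOS)
constexpr bool kUpdateCheckCompiled = true;
#else
constexpr bool kUpdateCheckCompiled = false;
#endif

bool updateCheckCompiled() { return kUpdateCheckCompiled; }

// Hypothetical hardening check (not qBittorrent's code): before handing a URL
// taken from the update feed to the system browser, require https and a host
// on a fixed allowlist. Userinfo ('@') and explicit ports (':') in the host
// part are rejected outright to keep the comparison strict and simple.
bool isAcceptableUpdateUrl(std::string_view url,
                           const std::vector<std::string> &allowedHosts)
{
    constexpr std::string_view scheme = "https://";
    if (url.substr(0, scheme.size()) != scheme)
        return false;
    const std::string_view rest = url.substr(scheme.size());
    // The host ends at the first '/', '?' or '#', or at end of string.
    const size_t end = rest.find_first_of("/?#");
    const std::string_view host = rest.substr(0, end);
    if (host.empty() || host.find_first_of("@:") != std::string_view::npos)
        return false;
    for (const auto &allowed : allowedHosts)
        if (host == allowed)
            return true;
    return false;
}

int main()
{
    // Constructed allowlist and sample feed URLs, not real project values.
    const std::vector<std::string> allowed = {"updates.example.org"};
    assert(isAcceptableUpdateUrl("https://updates.example.org/release", allowed));
    assert(!isAcceptableUpdateUrl("http://updates.example.org/release", allowed));
    assert(!isAcceptableUpdateUrl("https://updates.example.org.evil.test/x", allowed));
    assert(!isAcceptableUpdateUrl("https://updates.example.org@evil.test/x", allowed));
    return 0;
}
```

The platform constant is what the mail's point rests on: on Linux and BSD builds `updateCheckCompiled()` is false and the feed-poisoning impact does not exist, whereas on the two gated platforms it is the URL check, not the compile gate, that has to stand between the feed and the browser. The check here compares hosts case-sensitively and accepts no ports; a production version would normalise the host and decide on those deliberately.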