Tuesday, May 28, 2024

Critical Flaw in Popular BitTorrent Transmission Client Leads to an Attacker Perform Remote Hack into Your PC

A critical flaw discovered in BitTorrent Transmission client app that allows an attacker can remotely control the victims PC by using a method called DNS Rebinding which leads to Transmission control can remotely access by an attacker via a malicious website.

This bug was discovered by Google Researcher Tavis Ormandy and it serving under google zero-day project, it also belongs to 90-day disclosure deadline.

We can securely access the torrent using various VPN Servers and proxies and here is the ultimate torrent guide to reachout the torrent related website safely.

Bit Torrent Transmission Client performing download an seeding operation using Client and server architecture with helping of the daemon.

Tavis was tested his proof of concept on Firefox / Chrome and another platform that confirmed it exploit all the browsers.

Aso Read: Beware of Fake Spectre and Meltdown Patches Pushing Malware – Smoke Loader

How Does this Vulnerability Works in BitTorrent Client

Bit Torrent Transmission client app Interact with daemon by sending an JSON RPC and Daemon communicate to web servers that listen using 9091 port. in this case, daemon only accepts the request that coming from the local host.

In this case, based on the HTTP PRC scheme any website can send requests to the daemon with XMLHttpRequest, “but the theory is they will be ignored because requests must read and request a specific header, X-Transmission-Session-Id.”

But this method will be working if attacker using “DNS Rebinding” Attack that resolving the local host by any website can simply create a DNS name that they are authorized to communicate.

Tavis Explain the attack that working by following way.

1. A user visits http://attacker.com.
2. attacker.com has an <iframe> to attack.attacker.com, and have configured their DNS server to respond alternately with 127.0.0.1 and 123.123.123.123 (an address they control) with a very low TTL.
3. When the browser resolves to 123.123.123.123, they serve HTML that waits for the DNS entry to expire, then they XMLHttpRequest to attack.attacker.com and have permission to read and set headers.

Also, he Demonstrates the Transmission DNS Rebinding based on users transmission running in the default configuration.

So when users visited a malicious site BitTorrent Transmission client interface can be accessed remotely by an attacker.

Proof-of-concept in Public

Since its an open source project vulnerability, Ormandy fixed the bug and released the patch in public and also he released a POC that helps to test for DNS rebinding vulnerabilities in software.

Ormandy said, I’m finding it frustrating that the transmission developers are not responding on their private security list, I suggested moving this into the open so that distributions can apply the patch independently. I suspect they won’t reply, but let’s see.

“I’ve never had an opensource project take this long to fix a vulnerability before, so I usually don’t even mention the 90-day limit if the vulnerability is in an open source project. I would say the average response time is measured in hours rather months if we’re talking about open source.”

You can also find the Mitigate for DNS rebinding attacks against daemon in GitHub

Website

Latest articles

DDNS Service In Fortinet Or QNAP Embedded Devices Exposes Sensitive Data, Researchers Warn

Hackers employ DNS for various purposes like redirecting traffic to enable man-in-the-middle attacks, infecting...

PoC Exploit Released For macOS Privilege Escalation Vulnerability

A new vulnerability has been discovered in macOS Sonoma that is associated with privilege...

CatDDoS Exploiting 80+ Vulnerabilities, Attacking 300+ Targets Daily

Malicious traffic floods targeted systems, servers, or networks in Distributed Denial of Service (DDoS)...

GNOME Remote Desktop Vulnerability Let Attackers Read Login Credentials

GNOME desktop manager was equipped with a new feature which allowed remote users to...

Kesakode: A Remote Hash Lookup Service To Identify Malware Samples

Today marks a significant milestone for Malcat users with the release of version 0.9.6,...

Cisco Firepower Vulnerability Let Attackers Launch SQL Injection Attacks

 A critical vulnerability has been identified in Cisco Firepower Management Center (FMC) Software's web-based...

Hackers Exploit WordPress Plugin to Steal Credit Card Data

Hackers have exploited an obscure WordPress plugin to inject malware into websites, specifically targeting...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

Live API Attack Simulation

94% of organizations experience security problems in production APIs, and one in five suffers a data breach. As a result, cyber-attacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise.
Key takeaways include:

  • An exploit of OWASP API Top 10 vulnerability
  • A brute force ATO (Account Takeover) attack on API
  • A DDoS attack on an API
  • Positive security model automation to prevent API attacks

Related Articles