Vulnerability Name:

CVE-2012-6129 (CCN-83230)

Assigned:2012-12-06
Published:2013-02-13
Updated:2013-04-03
Summary:Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted "micro transport protocol packets."
Per http://www.ubuntu.com/usn/USN-1747-1/ "A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.10
Ubuntu 12.04 LTS
Ubuntu 11.10"

Per https://bugzilla.redhat.com/show_bug.cgi?id=909934 "
This issue affects the version of the transmission package, as shipped with Fedora release of 16. Please schedule an update."
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
6.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-119
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2012-6129

Source: SUSE
Type: UNKNOWN
openSUSE-SU-2013:0485

Source: MLIST
Type: UNKNOWN
[oss-security] 20130212 Re: CVE request: Transmission can be made to crash remotely

Source: CCN
Type: Transmission Web Site
Transmission

Source: UBUNTU
Type: UNKNOWN
USN-1747-1

Source: CCN
Type: Red Hat Bugzilla Bug 909934
CVE-2012-6129 transmission: Stack-based buffer overflow (DoS) when processing acknowledgements

Source: MISC
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=909934

Source: XF
Type: UNKNOWN
transmission-utpprocessincoming-bo(83230)

Source: MISC
Type: Exploit, Patch
https://trac.transmissionbt.com/changeset/13646

Source: MISC
Type: UNKNOWN
https://trac.transmissionbt.com/ticket/5002

Vulnerable Configuration:Configuration 1:
  • cpe:/a:transmissionbt:transmission:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.80:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.81:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.82:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.94:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.95:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:0.96:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.00:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.01:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.02:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.2:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.03:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.04:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.05:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.06:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.10:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.11:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.20:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.21:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.22:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.30:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.31:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.32:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.33:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.34:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.40:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.41:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.42:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.50:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.51:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.52:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.53:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.54:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.60:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.61:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.70:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.71:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.72:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.73:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.74:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.75:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.76:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.77:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.80:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.81:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.82:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.83:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.90:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.91:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.92:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:1.93:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.00:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.01:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.02:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.03:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.04:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.10:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.11:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.12:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.13:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.20:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.21:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.22:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.30:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.31:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.32:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.33:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.40:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.41:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.42:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.50:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.51:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.52:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.60:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.61:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.70:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.71:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:2.72:*:*:*:*:*:*:*
  • OR cpe:/a:transmissionbt:transmission:*:*:*:*:*:*:*:* (Version <= 2.73)

    • Configuration 2:
  • cpe:/o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:16:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:17847
    P
    		USN-1747-1 -- transmission vulnerability
    2014-06-30
    oval:org.opensuse.security:def:20126129
    V
    		CVE-2012-6129
    2014-01-28
    oval:com.ubuntu.precise:def:20126129000
    V
    		CVE-2012-6129 on Ubuntu 12.04 LTS (precise) - medium.
    2013-04-02
    BACK
    transmissionbt transmission 0.1
    transmissionbt transmission 0.2
    transmissionbt transmission 0.3
    transmissionbt transmission 0.4
    transmissionbt transmission 0.5
    transmissionbt transmission 0.6
    transmissionbt transmission 0.6.1
    transmissionbt transmission 0.70
    transmissionbt transmission 0.71
    transmissionbt transmission 0.72
    transmissionbt transmission 0.80
    transmissionbt transmission 0.81
    transmissionbt transmission 0.82
    transmissionbt transmission 0.90
    transmissionbt transmission 0.91
    transmissionbt transmission 0.92
    transmissionbt transmission 0.93
    transmissionbt transmission 0.94
    transmissionbt transmission 0.95
    transmissionbt transmission 0.96
    transmissionbt transmission 1.00
    transmissionbt transmission 1.01
    transmissionbt transmission 1.02
    transmissionbt transmission 1.2
    transmissionbt transmission 1.03
    transmissionbt transmission 1.04
    transmissionbt transmission 1.05
    transmissionbt transmission 1.06
    transmissionbt transmission 1.10
    transmissionbt transmission 1.11
    transmissionbt transmission 1.20
    transmissionbt transmission 1.21
    transmissionbt transmission 1.22
    transmissionbt transmission 1.30
    transmissionbt transmission 1.31
    transmissionbt transmission 1.32
    transmissionbt transmission 1.33
    transmissionbt transmission 1.34
    transmissionbt transmission 1.40
    transmissionbt transmission 1.41
    transmissionbt transmission 1.42
    transmissionbt transmission 1.50
    transmissionbt transmission 1.51
    transmissionbt transmission 1.52
    transmissionbt transmission 1.53
    transmissionbt transmission 1.54
    transmissionbt transmission 1.60
    transmissionbt transmission 1.61
    transmissionbt transmission 1.70
    transmissionbt transmission 1.71
    transmissionbt transmission 1.72
    transmissionbt transmission 1.73
    transmissionbt transmission 1.74
    transmissionbt transmission 1.75
    transmissionbt transmission 1.76
    transmissionbt transmission 1.77
    transmissionbt transmission 1.80
    transmissionbt transmission 1.81
    transmissionbt transmission 1.82
    transmissionbt transmission 1.83
    transmissionbt transmission 1.90
    transmissionbt transmission 1.91
    transmissionbt transmission 1.92
    transmissionbt transmission 1.93
    transmissionbt transmission 2.00
    transmissionbt transmission 2.01
    transmissionbt transmission 2.02
    transmissionbt transmission 2.03
    transmissionbt transmission 2.04
    transmissionbt transmission 2.10
    transmissionbt transmission 2.11
    transmissionbt transmission 2.12
    transmissionbt transmission 2.13
    transmissionbt transmission 2.20
    transmissionbt transmission 2.21
    transmissionbt transmission 2.22
    transmissionbt transmission 2.30
    transmissionbt transmission 2.31
    transmissionbt transmission 2.32
    transmissionbt transmission 2.33
    transmissionbt transmission 2.40
    transmissionbt transmission 2.41
    transmissionbt transmission 2.42
    transmissionbt transmission 2.50
    transmissionbt transmission 2.51
    transmissionbt transmission 2.52
    transmissionbt transmission 2.60
    transmissionbt transmission 2.61
    transmissionbt transmission 2.70
    transmissionbt transmission 2.71
    transmissionbt transmission 2.72
    transmissionbt transmission *
    canonical ubuntu linux 11.10
    canonical ubuntu linux 12.04 -
    canonical ubuntu linux 12.10
    fedoraproject fedora 16