CVE-2010-0748
📋 TL;DR
This vulnerability in the Transmission BitTorrent client allows attackers to cause a denial of service (crash) or potentially execute arbitrary code via specially crafted magnet links containing excessive 'tr' arguments. It affects Transmission users running versions before 1.92 who process malicious magnet links.
💻 Affected Systems
- Transmission BitTorrent Client
📦 What is this software?
Transmission by Transmissionbt
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete system compromise
Likely Case
Application crash causing denial of service
If Mitigated
No impact if patched or workarounds applied
🎯 Exploit Status
Exploitation requires a user to click or process a malicious magnet link; no authentication is needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.92 and later
Vendor Advisory: https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314
Restart Required: Yes
Instructions:
1. Download Transmission 1.92 or later from official sources.
2. Stop Transmission service.
3. Install new version.
4. Restart Transmission service.
🔧 Temporary Workarounds
Disable magnet link handling
All platforms: Prevent Transmission from processing magnet links
Edit Transmission config to disable magnet link association
Network filtering
All platforms: Block malicious magnet links at network perimeter
🧯 If You Can't Patch
- Isolate Transmission instances from untrusted networks
- Implement strict user education about clicking unknown magnet links
🔍 How to Verify
Check if Vulnerable:
Check the Transmission version with 'transmission-daemon --version' or in the GUI
Check Version:
transmission-daemon --version
Verify Fix Applied:
Confirm version is 1.92 or higher
📡 Detection & Monitoring
Log Indicators:
- Application crashes
- Unusually long magnet link processing
Network Indicators:
- Multiple failed connection attempts after magnet link processing
SIEM Query:
source="transmission.log" AND ("crash" OR "segfault" OR "magnet:")
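The SIEM query above matches any line containing "magnet:", so it cannot tell an ordinary link from one with excessive 'tr' arguments. The following Python script is an added example, not code from this advisory or from the Transmission project; it counts 'tr' arguments per magnet link in matched lines. The threshold of 16, the function names and the sample log lines are assumptions, since the page does not say how many arguments count as excessive.

```python
import re
from urllib.parse import parse_qsl

# Assumption: the advisory gives no number for "excessive"; tune per environment.
MAX_TR_ARGS = 16

# A magnet URI runs until whitespace or a quote/bracket character in the log line.
MAGNET_RE = re.compile(r"magnet:\?[^\s\"'<>]+")


def count_tr_args(magnet_uri):
    """Return the number of 'tr' (tracker) arguments in one magnet URI."""
    query = magnet_uri.partition("?")[2].partition("#")[0]
    pairs = parse_qsl(query, keep_blank_values=True)
    return sum(1 for key, _value in pairs if key == "tr")


def flag_lines(lines, limit=MAX_TR_ARGS):
    """Return (line_number, tr_count) for each magnet link with more than limit 'tr' args."""
    hits = []
    for number, line in enumerate(lines, start=1):
        for uri in MAGNET_RE.findall(line):
            count = count_tr_args(uri)
            if count > limit:
                hits.append((number, count))
    return hits


# Constructed sample lines (not real Transmission log output).
TRACKER = "&tr=http%3A%2F%2Ftracker.example%2Fannounce"
SAMPLE_LOG = [
    "[10:01:02] added magnet:?xt=urn:btih:" + "a" * 40 + "&dn=example" + TRACKER,
    "[10:01:09] added magnet:?xt=urn:btih:" + "b" * 40 + TRACKER * 40,
    "[10:01:10] state saved",
]

if __name__ == "__main__":
    for number, count in flag_lines(SAMPLE_LOG):
        print(f"line {number}: magnet link with {count} 'tr' arguments")
```

Run it over the lines the SIEM query returns; a flagged line that coincides with a crash entry is worth correlating with the installed version.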
🔗 References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0748
- https://github.com/transmission/transmission/wiki/Release-Notes#transmission-192-20100314
- https://security-tracker.debian.org/tracker/CVE-2010-0748
- https://trac.transmissionbt.com/ticket/2965
- https://www.openwall.com/lists/oss-security/2010/04/01/9