A severe arbitrary code execution in BitTorrent Sync affects various products

A security expert has discovered a severe vulnerability in BitTorrent Sync that can be exploited by a remote attacker to execute arbitrary code on a vulnerable machine.

The security expert Andrea Micalizzi, also known as “rgod,”, has discovered a serious vulnerability in BitTorrent Sync (CVE-2015-2846) can be exploited by a remote attacker to execute arbitrary code. The severity of the vulnerability has been rated as “high, in order to exploit the flaw the attacker have to trick the victim into visiting a malicious page or opening a specially crafted file. BitTorrent Sync is a proprietary peer-to-peer file synchronization application developed by BitTorrent, Inc. firm, it allows users to sync files between local or remote devices using on P2P protocol.

In August 2014, BitTorrent reported that BitTorrent Sync had more than 10 million installations, in November of the same year Andrea Micalizzi reported the flaw to BitTorrent through the HP’s Zero Day Initiative (ZDI).

“This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of BitTorrent Sync. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how BitTorrent Sync handles URLs with the btsync protocol. By navigating the user to a specially formed link starting with btsync:, an attacker can inject arbitrary command line parameters that will be passed to BTSync.exe. An attacker can leverage this vulnerability to execute code under the context of the current user.” reported an advisory published by ZDI.

BitTorrent has already issued a fix for the vulnerability in the BitTorrent Sync as reported at the following URL

https://www.getsync.com/

It is important to highlight that issue was identified in November 2014 and that security experts at BitTorrent addressed and fixed the issue within the week. I reached one of the members of the team that fixed the flaw that confirmed me that security remains the top priority for the company.

Numerous products are affected by the vulnerability in the BitTorrent Sync, including solutions from DELL, HP, IBM, Novell, IBM, Oracle, Rockwell Automation, Samsung, Schneider Electric and HP.

Pierluigi Paganini

(Security Affairs – BitTorrent Sync, peer-to-peer)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.