Bugtraq mailing list archives
Yahoo Pager - security bug w/ services 7,8
From: nneul () UMR EDU (Nathan Neulinger)
Date: Fri, 25 Dec 1998 09:31:21 -0600
I've been working on a GTK (unix) yahoo pager client based on Doug Winslow's yppro2.c source and found the following security problem while testing some client functionality.

Any user can send a packet with service #7 or #8 and activate/deactivate an identity, even if it isn't your own alternate identity. It does appear that the primary id for the identity affected has to be logged on though. If you send a message to that id, it does go to the correct destination.

The problem is, it can be abused simply by someone logging on and deactivating an identity for someone else, which makes it look like that id logged off.

The fix - when your server handles an id-activate/id-deactivate service request, it should make sure that request is coming from the primary ID for that identity. (You should be able to do that without a protocol version change.)

-- Nathan
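Added example, not part of the original post and not Yahoo's server code: a minimal sketch of the server-side ownership check the post recommends. The class, method names, return strings, and the assumption that service 7 is activate and 8 is deactivate are all hypothetical.

```python
# Added illustration; not Yahoo's server code. All names are hypothetical.
SERVICE_ID_ACTIVATE = 7    # assumed mapping: 7 = activate
SERVICE_ID_DEACTIVATE = 8  # assumed mapping: 8 = deactivate


class IdentityServer:
    def __init__(self, owners):
        # owners: alternate identity -> primary ID that registered it
        self.owners = dict(owners)
        self.online = set()   # primary IDs with an authenticated session
        self.active = set()   # alternate identities currently shown as active

    def login(self, primary_id):
        self.online.add(primary_id)

    def handle(self, session_id, service, identity):
        """Process an activate/deactivate request.

        session_id is the primary ID the server authenticated at login for
        this connection. It must never be read from a field of the request
        packet, since the sender controls every field.
        """
        if service not in (SERVICE_ID_ACTIVATE, SERVICE_ID_DEACTIVATE):
            return "unsupported"
        if session_id not in self.online:
            return "not-logged-in"
        # The check the post asks for: only the owning primary ID may change
        # the state of an identity. Unknown identities are refused as well.
        if self.owners.get(identity) != session_id:
            return "denied"
        if service == SERVICE_ID_ACTIVATE:
            self.active.add(identity)
        else:
            self.active.discard(identity)
        return "ok"


def demo():
    # Constructed sample data.
    srv = IdentityServer({"alice_alt": "alice"})
    srv.login("alice")
    srv.login("mallory")
    results = [srv.handle("alice", SERVICE_ID_ACTIVATE, "alice_alt")]
    # Another logged-on user tries to deactivate alice's identity.
    results.append(srv.handle("mallory", SERVICE_ID_DEACTIVATE, "alice_alt"))
    results.append("alice_alt" in srv.active)
    return results
```

Because the check keys on the session the server already authenticated, it needs no new packet field, which is consistent with the post's remark that no protocol version change is required.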