Bugtraq mailing list archives
Re: Team Asylum: Yahoo! Messenger DoS
From: atruiz () CBU EDU (Alan T. Ruiz)
Date: Fri, 1 Oct 1999 11:42:35 -0500
I still see the same problem in build 734. ----- Original Message ----- From: Team Asylum <security () TEAM-ASYLUM COM> To: <BUGTRAQ () SECURITYFOCUS COM> Sent: Tuesday, September 28, 1999 8:08 PM Subject: Team Asylum: Yahoo! Messenger DoS
Team Asylum Security Copyright (c) 1999 By CyberSpace 2000 http://www.team-asylum.com Source: Jason Pearsall [jason () team-asylum com] Alert Date: 09/18/99 Release Date: 09/27/99 Affected -------- - Yahoo! Messenger (build 733) for Windows 95/98. Product Description ------------------- Yahoo! Messenger is a multi-functional online IM client which offers not only instant messaging, but also content-driven features integrated into Yahoo!'s vast amount of information services such as stock market updates, e-mail, and news. Alert Description ----------------- A denial of service attack exists in build 733 of Yahoo! Messenger. The vulnerability exists when Messenger leaves port 5010 open. When a connection is made on port 5010, Messenger crashes. The connection stays open until the user closes the program. Malicious users can not only crash Yahoo! Messenger users, but it also gives them the capability of scanning and detecting Messenger users across wide networks by simply scanning port 5010. Fix --- Team Asylum has notified Yahoo! and they have released build 734. Yahoo! Messenger (Build 734) still has port 5010 open but will not crash if connections are made unto it. Yahoo! Messenger can be found at: http://messenger.yahoo.com
Current thread:
- Re: Team Asylum: Yahoo! Messenger DoS Alan T. Ruiz (Oct 01)
- <Possible follow-ups>
- Re: Team Asylum: Yahoo! Messenger DoS Don (Oct 01)