Bugtraq mailing list archives
Team Asylum: Yahoo! Messenger DoS
From: security () TEAM-ASYLUM COM (Team Asylum)
Date: Tue, 28 Sep 1999 21:08:18 -0400
Team Asylum Security Copyright (c) 1999 By CyberSpace 2000 http://www.team-asylum.com Source: Jason Pearsall [jason () team-asylum com] Alert Date: 09/18/99 Release Date: 09/27/99 Affected -------- - Yahoo! Messenger (build 733) for Windows 95/98. Product Description ------------------- Yahoo! Messenger is a multi-functional online IM client which offers not only instant messaging, but also content-driven features integrated into Yahoo!'s vast amount of information services such as stock market updates, e-mail, and news. Alert Description ----------------- A denial of service attack exists in build 733 of Yahoo! Messenger. The vulnerability exists when Messenger leaves port 5010 open. When a connection is made on port 5010, Messenger crashes. The connection stays open until the user closes the program. Malicious users can not only crash Yahoo! Messenger users, but it also gives them the capability of scanning and detecting Messenger users across wide networks by simply scanning port 5010. Fix --- Team Asylum has notified Yahoo! and they have released build 734. Yahoo! Messenger (Build 734) still has port 5010 open but will not crash if connections are made unto it. Yahoo! Messenger can be found at: http://messenger.yahoo.com
Current thread:
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy], (continued)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Tymm Twillman (Sep 26)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Solar Designer (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 27)
- ufsdump problem under Solaris 2.6 with ufs.c posix (Sep 27)
- Re: ufsdump problem under Solaris 2.6 with ufs.c Carson Gaspar (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sean-Paul Rees (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Valdis.Kletnieks () VT EDU (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Alan Cox (Sep 28)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Mike Iglesias (Sep 28)
- Team Asylum: iHTML Merchant Vulnerabilities Team Asylum (Sep 28)
- Team Asylum: Yahoo! Messenger DoS Team Asylum (Sep 28)
- Sun's TTSESSION Vulnerability Bauer, Rich (Sep 29)
- Re: Sun's TTSESSION Vulnerability Richard L. Goerwitz (Sep 29)
- WWWBoard Elias Levy (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Dan Astoorian (Sep 29)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Sylvain Robitaille (Sep 29)
- Historical Bugtraq Question Alfred Huger (Sep 30)
- Microsoft Security Bulletin (MS99-041) Aleph One (Sep 30)
- mini-sql Buffer Overflow gregory duchemin (Sep 30)
- ufsdump problem under Solaris 2.6 with ufs.c posix (Sep 27)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Tymm Twillman (Sep 26)
- Re: [Fwd: Truth about ssh 1.2.27 vulnerabiltiy] Eric Griffis (Sep 28)