Vulnerability Development mailing list archives

Re: Napster a little insecure?

From: hnt () GMX AT (Thomas Maschutznig)
Date: Sat, 29 Jan 2000 15:52:20 +0100


There _IS_ some kind of check, which files are being sent..
I've heard of three actually
(dont take this as 100% sure.. PLEASE)

.) As Said below, it checks for ID3-Tags..
I doubt this, as not all MP3s have an ID3Tag and dont HAVE to have one

.) It will only send files with ".mp3" as extension
Sounds ok, and with napster, I never found a file, that didnt have mp3 as
extension

.) Napster only checks in the directory, you specify it to look for MP3s,
you wanna share
Well, would be reasonable to do so ;)

Eagerly waiting for 25 "I-am-currently-on-vacation"-autoreplys,

         T

That may be true but i've once heard that napster doesn't allow the
transfer of the files which don't have ID3 Tag (I haven't tried that)
-- snip --

On Thu, 27 Jan 2000, Dennis Miller wrote:

I'm running Napster v2.0 Build 1318 which is a freeware utility to share
MP3's across
the internet located at http://www.napster.com <http://www.napster.com> .
Notice Napster sends the complete location of the file(s) being sent.  Does
this mean that there is a way to coax the client to offer up ANY file?

Current thread:

Napster a little insecure? Dennis Miller (Jan 27)
- Re: Napster a little insecure? Gunes Sen (Jan 27)
- Re: Napster a little insecure? Jordan Ritter (Jan 28)
- IIS4.0 .htw vulnerability Fricke, Gregory D. (Jan 28)
- <Possible follow-ups>
- Re: Napster a little insecure? Thiago Mello (Jan 28)
  - Re: Napster a little insecure? Sebastian (Jan 29)
  - Re: Napster a little insecure? technot (Jan 29)
- Re: Napster a little insecure? Thomas Maschutznig (Jan 29)
  - Re: Napster a little insecure? Mark Shirley (Jan 30)
  - Re: Napster a little insecure? WHiTe VaMPiRe (Jan 30)
- Re: Napster a little insecure? Jordan Ritter (Jan 30)
- Re: Napster a little insecure? Maniac . (Jan 30)