Vulnerability Development mailing list archives
Reported Kazaa and Morpheus vulnerabilities
From: "Carlos Gaona" <cgaonau () hotmail com>
Date: Mon, 4 Feb 2002 04:07:16 -0500
Yes, i read about this on several medias, including one security website... but as ar as i know this is a known -maybe not well-known- un-elegant feature of thefile-sharing system. As ar as i know there is no security threat compromising files beyond the ones that are already share. Once you download a file trough, the software detected and process it normaly. There isn't (as far as i know) anything like " ../ " path problems or unicode related... and i "think" a DoS is not probable.The only "interesting" stuff is the curious way Kazaa represent the path to the files, preceding it with a directory not physical present on the hard disk directories.The only way this could be used is on really stupid people.. people like the bbc journalist we may say... Carlos Gaona U. ndr113 () 350cc com
----- Original Message ----- From: "HarryM" <harrym () the-group org> To: <vuln-dev () securityfocus com> Sent: Monday, February 04, 2002 12:31 AM Subject: Reported Kazaa and Morpheus vulnerabilitiesRE the article on the BBCs website at http://news.bbc.co.uk/hi/english/sci/tech/newsid_1798000/1798095.stm I just searched the archives at Securityfocus and CERT and neitherproducedany relavent results I mean, pointing a browser to http://ip_address:1214/ does give a list
of
files... it gives the list of files that you're sharing. So what? Anyone know anything about this? Harry M
Current thread:
- Re: Reported Kazaa and Morpheus vulnerabilities, (continued)
- Re: Reported Kazaa and Morpheus vulnerabilities Qazi M. M. Ahmed (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities HarryM (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities Stanley G. Bubrouski (Feb 04)
- Re: Reported Kazaa and Morpheus vulnerabilities dreamwvr () dreamwvr com (Feb 04)
- RE: Reported Kazaa and Morpheus vulnerabilities Elan Hasson (Feb 04)
- RE: Reported Kazaa and Morpheus vulnerabilities Colby Marks (Feb 07)
- Re: Reported Kazaa and Morpheus vulnerabilities tfm (Feb 04)
- RE: Reported Kazaa and Morpheus vulnerabilities leon (Feb 05)
- Re: Reported Kazaa and Morpheus vulnerabilities Arta (Feb 05)
- RE: Reported Kazaa and Morpheus vulnerabilities Sven Kamphuis (Feb 10)
- RE: Reported Kazaa and Morpheus vulnerabilities leon (Feb 05)
- Reported Kazaa and Morpheus vulnerabilities Carlos Gaona (Feb 03)
- Message not available
- Re: Reported Kazaa and Morpheus vulnerabilities Carlos Gaona (Feb 04)
- Message not available
- Re: Reported Kazaa and Morpheus vulnerabilities Blue Boar (Feb 04)