Vulnerability Development mailing list archives

Reported Kazaa and Morpheus vulnerabilities


From: "Carlos Gaona" <cgaonau () hotmail com>
Date: Mon, 4 Feb 2002 04:07:16 -0500

 Yes, I read about this in several media, including one security website...
but as far as I know this is a known -maybe not well-known- inelegant
feature of the file-sharing system. As far as I know there is no security
threat compromising files beyond the ones that are already shared. Once you
download a file through, the software detects and processes it normally. There
isn't (as far as I know) anything like " ../ " path problems or unicode
related... and I "think" a DoS is not probable. The only "interesting" stuff
is the curious way Kazaa represents the path to the files, preceding it with
a directory not physically present in the hard disk directories. The only way
this could be used is on really stupid people.. people like the BBC
journalist we may say...


 Carlos Gaona U.
 ndr113 () 350cc com

----- Original Message -----
From: "HarryM" <harrym () the-group org>
To: <vuln-dev () securityfocus com>
Sent: Monday, February 04, 2002 12:31 AM
Subject: Reported Kazaa and Morpheus vulnerabilities


RE the article on the BBC's website at
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1798000/1798095.stm

I just searched the archives at Securityfocus and CERT and neither
produced any relevant results

I mean, pointing a browser to http://ip_address:1214/ does give a list
of files... it gives the list of files that you're sharing. So what?

Anyone know anything about this?

Harry M


