|
 |
|
Kazaa File Download Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA8231
|
|
|
Release Date:
|
2003-03-06
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Kazaa 1.x
Kazaa 2.x
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
A vulnerability in Kazaa could be exploited by malicious people to corrupt the files other users download.
The vulnerability is caused by Kazaa only checking file name and size, when categorizing files for simultaneous downloads from multiple locations. A malicious person could therefore download a file and corrupt it by deleting the content by replacing it with NULL bytes or other arbitrary values with a hex editor keeping the same filename and file size. If another user downloaded part of the file as part of a simultaneous download from multiple locations, the file would be corrupted.
People with an interest in terrorising the Kazaa network would be able to exploit this vulnerability by registering multiple accounts and make many fake files with popular names available.
The users most affected by this vulnerability are those, who are using modems, ISDN or has other solutions, where they pay for the time online or amount of data downloaded.
Solution:
Only download legal files from trusted sources.
Provided and/or discovered by:
Bill Hendron
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
3 Related Secunia Security Advisories
|
|
|
1. Kazaa Altnet Download Manager ActiveX Control Buffer Overflow
|
|
2. Kazaa Altnet Download Manager Buffer Overflow Vulnerability
|
|
3. Kazaa and FastTrack P2P Network Client Buffer Overflow Vulnerability
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
