|
|
|
|
Kazaa File Download Vulnerability
|
|
Secunia Advisory:
|
SA8231
|
|
|
Release Date:
|
2003-03-06
|
|
Popularity:
|
8,355 views
|
|
|
Critical:
|
Not critical
|
|
Impact:
|
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Kazaa 1.x
Kazaa 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
Description:
A vulnerability in Kazaa could be exploited by malicious people to corrupt the files other users download.
The vulnerability is caused by Kazaa only checking file name and size, when categorizing files for simultaneous downloads from multiple locations. A malicious person could therefore download a file and corrupt it by deleting the content by replacing it with NULL bytes or other arbitrary values with a hex editor keeping the same filename and file size. If another user downloaded part of the file as part of a simultaneous download from multiple locations, the file would be corrupted.
People with an interest in terrorising the Kazaa network would be able to exploit this vulnerability by registering multiple accounts and make many fake files with popular names available.
The users most affected by this vulnerability are those, who are using modems, ISDN or has other solutions, where they pay for the time online or amount of data downloaded.
Solution:
Only download legal files from trusted sources.
Provided and/or discovered by:
Bill Hendron
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
19th Nov, 2008
|
New advisories:
|
9 |
|
New vulnerabilities:
|
26 |
|
Updated advisories:
|
61 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
18th Nov, 2008
|
New advisories:
|
27 |
|
New vulnerabilities:
|
38 |
|
Updated advisories:
|
26 |
|
|
|
|
 Solutions | More...
|
|
|
|
Send Feedback to Secunia
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
|
