|
Kazaa and FastTrack P2P Network Client Buffer Overflow Vulnerability
|
|
Secunia Advisory:
|
SA8868
|
|
|
Release Date:
|
2003-05-28
|
|
Popularity:
|
15,809 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
DoS
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | FastTrack P2P
Grokster 1.x
iMesh 3.x
Kazaa 1.x
Kazaa 2.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
A vulnerability has been identified in FastTrack, the technology behind Kazaa, Grokster, iMesh and possibly other P2P (peer-to-peer) network clients. The vulnerability could be exploited to cause a Denial of Service on the so called supernodes and potentially also compromise of these.
Explanation: Supernodes are clients that have a high uptime, large bandwidth, a public IP address, powerful CPU and a large amount of RAM. Supernodes keep tracks of other supernodes and of clients that are logged onto the network.
Facts: There is about 3 million supernodes, which each serves up to 300 "ordinary" clients.
Any user of a P2P client, which is based upon FastTrack, could unknowingly become a supernode (this is not necessarily true for all kinds of client software, as it may require user acceptance).
The problem is that the client acting as a supernode accepts incoming requests with information about other supernodes. The packets sent to the supernode may only contain information about 200 other supernodes. If the packet contains information about 203 or more supernodes, it may overflow the allocated buffer. This causes the supernode to crash.
It has also been reported, that this could be exploited to execute arbitrary code on the supernode with a 50% success ratio. This, however, has not been confirmed.
This vulnerability could be exploited to lay down all P2P networks based upon FastTrack.
If it is possible to execute arbitrary code on the vulnerable supernodes, then this vulnerability could be exploited by a worm or virus.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
10th Jul, 2009
|
New advisories:
|
11 |
|
New vulnerabilities:
|
18 |
|
Updated advisories:
|
46 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 Solutions | More...
|
|
