Patrick Gray
Users of file sharing programs such as Kazza and iMesh are urged to install a security patch following a discovery of a serious bug in their underlying network.
A security researcher recently found a potentially critical vulnerability in the program which drives the FastTrack network. Fastrack is used by peer-to-peer(p2p) software including Kazaa and iMesh. Joltid, the maker of Fastrack, initially said the flaw was not serious, but has since done an about-face and plans to plug the loophole.
The makers of Kazaa will release a patch within the next 24 hours and is urging customers to install it "as soon as possible".
According to the original security advisory, published on the Full Disclosure security mailing list, attackers can take control of or crash the FastTrack "supernodes" that p2p users connect to.
"It's definitely a serious risk. Just ask anyone if executing arbitrary code is a serious risk or not," the researcher told ZDNet Australia.
http://asia.cnet.com/newstech/securi...9133858,00.htm