'Serious' Vulnerability In KaZaA - Users Urged to Install Patch - P2P-Zone

JackSpratts · 27-05-03, 08:47 AM

Patrick Gray

Users of file sharing programs such as Kazza and iMesh are urged to install a security patch following a discovery of a serious bug in their underlying network.

A security researcher recently found a potentially critical vulnerability in the program which drives the FastTrack network. Fastrack is used by peer-to-peer(p2p) software including Kazaa and iMesh. Joltid, the maker of Fastrack, initially said the flaw was not serious, but has since done an about-face and plans to plug the loophole.

The makers of Kazaa will release a patch within the next 24 hours and is urging customers to install it "as soon as possible".

According to the original security advisory, published on the Full Disclosure security mailing list, attackers can take control of or crash the FastTrack "supernodes" that p2p users connect to.

"It's definitely a serious risk. Just ask anyone if executing arbitrary code is a serious risk or not," the researcher told ZDNet Australia.
http://asia.cnet.com/newstech/securi...9133858,00.htm

27-05-03, 08:47 AM	#1
JackSpratts Join Date: May 2001 Location: New England Posts: 10,018	'Serious' Vulnerability In KaZaA - Users Urged to Install Patch Patrick Gray Users of file sharing programs such as Kazza and iMesh are urged to install a security patch following a discovery of a serious bug in their underlying network. A security researcher recently found a potentially critical vulnerability in the program which drives the FastTrack network. Fastrack is used by peer-to-peer(p2p) software including Kazaa and iMesh. Joltid, the maker of Fastrack, initially said the flaw was not serious, but has since done an about-face and plans to plug the loophole. The makers of Kazaa will release a patch within the next 24 hours and is urging customers to install it "as soon as possible". According to the original security advisory, published on the Full Disclosure security mailing list, attackers can take control of or crash the FastTrack "supernodes" that p2p users connect to. "It's definitely a serious risk. Just ask anyone if executing arbitrary code is a serious risk or not," the researcher told ZDNet Australia. http://asia.cnet.com/newstech/securi...9133858,00.htm

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Switch to Linear Mode Switch to Hybrid Mode Threaded Mode