Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
From: Markus Kern (markus-kern_at_gmx.net)
Date: 01/18/05
- Previous message: Berend-Jan Wever: "Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations"
- In reply to: Rafel Ivgi, The-Insider: "[Full-Disclosure] Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations"
- Next in thread: Markus Kern: "[Full-Disclosure] Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations"
- Reply: Markus Kern: "[Full-Disclosure] Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations"
- Reply: Markus Kern: "Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations"
Date: Tue, 18 Jan 2005 23:59:51 +0100
To: "Rafel Ivgi, The-Insider" <theinsider@012.net.il>

On Monday, January 17, 2005, 9:40:47 PM Rafel Ivgi, The-Insider <theinsider@012.net.il> wrote:
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Application: Kazaa
> Vendors: http://www.kazaa.com
> Versions: kazaa lite k++(probably all others too...)
> Platforms: Windows
> Bug: Sig2Dat Protocol Remote Integer Overflow and
> Denial Of Service by creating files in arbitrary
> locations
> Exploitation: Remote With Browser
> Date: 17 Jan 2005
> Author: Rafel Ivgi, The-Insider
> E-Mail: the_insider@mail.com
> Website: http://theinsider.deep-ice.com
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> 1) Introduction
> 2) Bugs
> 3) The Code
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> ===============
> 1) Introduction
> ===============
> Kazaa is currently the world’s most common P2P file sharing application.
> When installing Kazaa a new protocol is installed named “sig2dat”.

This is incorrect. Kazaa itself does not install a handler for the
'sig2dat' URIs. In fact it doesn't even know about them. The sig2dat
URIs are created and handled by a third party tool [1] which contains
the described flaws and happens to be included in the (unofficial)
Kazaa Lite package.

The official Kazaa from http://www.kazaa.com does not handle sig2dat
URIs and is not vulnerable.

> This protocol contains an integer overflow vulnerability which may cause
> a crash and may allow remote execution of code. There is another
> vulnerability in the “File:” parameter which allows creating files in
> arbitrary locations and committing Denial Of Service.

[1] sig2dat, http://www.geocities.com/vlaibb/tools.html
    (The design and code of this thing are horrific and there are no
    doubt plenty of other bugs to be found)

-- Markus Kern