Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Denial of service against Kazaa Media Desktop v2
From: Marc Ruef <marc.ruef () computec ch>
Date: Sun, 02 Feb 2003 21:54:26 +0100
Hi!

It is possible to cause a remote denial of service attack against Kazaa
Media Desktop v2.

If you can inject a malicous response for the automated ad download of
the client, you can cause a bufferoverflow and the denial of service. It
may be possible to run arbitary code with this vulnerability.

The easiest way to reproduce this behavior is deny all http connections
to hosts named *ad*. For example activate the "Block Sites" feature of
the NetGear FM114P and block the keyword "ad". After this change, every
time you start the vulnerable Kazaa client, the software crashes with
the typical windows error message during connection establishment.

Tested on Kazaa Media Desktop 2.0.2, Built Tuesday, November 05, 2002,
17:07:24 on Windows XP Professional with NetGear FM114P.

My bug report was sent on 03/01/27 to The Sharman Networks Team. Nothing
came back - Just the automated default reply.

Bye, Marc

-- 
Computer, Technik und Security                  http://www.computec.ch/
Meine private Webseite                    http://www.computec.ch/mruef/

  By Date           By Thread  

Current thread:
  • Denial of service against Kazaa Media Desktop v2 Marc Ruef (Feb 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]