Intrusion Detection Systems mailing list archives

Previous By Date Next
Previous By Thread Next

Gnutella/Napster

From: t_sjogren () postmaster co uk (thomas sjogren)
Date: Mon, 22 May 2000 14:37:48 +0100

Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

Don't run strange file sharing software like Gnutella or Napster clones. You may get more then you bargained for. 
Several potential large scale security problems in Gnutella have come to light.

:KNapster:
You can download ANY file off of a persons system using a specifically formatted GET request. Anyone running version 
0.9.0 or earlier is vulnerable. Upgrade to the current version at:
http://knapster.netpedia.net/#DOWNLOAD
         
:Gnapster:
Same problem as KNapster, grab any file using a specifically formatted GET request. Anyone running 1.3.8 or earlier is 
vulnerable. Upgrade to the latest version at:    http://download.sourceforge.net/gnapster/gnapster-1.3.9.tar.gz

:Source:
http://securityportal.com/topnews/weekly/linux20000515.html
                   

/thomas 

-- 
email: t_sjogren () postmaster co uk
phone: +46 (0)739 76 23 06
pgp: www.freespeech.org/screams/Sjogren.txt
Previous By Date Next
Previous By Thread Next

Current thread: