I still see the same problem in build 734. ----- Original Message ----- From: Team Asylum <security@TEAM-ASYLUM.COM> To: <BUGTRAQat_private> Sent: Tuesday, September 28, 1999 8:08 PM Subject: Team Asylum: Yahoo! Messenger DoS > Team Asylum Security > Copyright (c) 1999 By CyberSpace 2000 > http://www.team-asylum.com > Source: Jason Pearsall [jason@team-asylum.com] > Alert Date: 09/18/99 > Release Date: 09/27/99 > > Affected > -------- > - Yahoo! Messenger (build 733) for Windows 95/98. > > Product Description > ------------------- > Yahoo! Messenger is a multi-functional online IM client which offers > not only instant messaging, but also content-driven features integrated > into Yahoo!'s vast amount of information services such as stock market > updates, e-mail, and news. > > Alert Description > ----------------- > A denial of service attack exists in build 733 of Yahoo! Messenger. > The vulnerability exists when Messenger leaves port 5010 open. When > a connection is made on port 5010, Messenger crashes. The connection > stays open until the user closes the program. > > Malicious users can not only crash Yahoo! Messenger users, but it also > gives them the capability of scanning and detecting Messenger users > across wide networks by simply scanning port 5010. > > Fix > --- > Team Asylum has notified Yahoo! and they have released build 734. > Yahoo! Messenger (Build 734) still has port 5010 open but will not crash > if connections are made unto it. > > Yahoo! Messenger can be found at: > > http://messenger.yahoo.com >
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:06:25 PDT