Yes, I read about this in several media outlets, including one security website... but as far as I know this is a known (maybe not well-known) inelegant feature of the file-sharing system.

As far as I know there is no security threat compromising files beyond the ones that are already shared. Once you download a file through, the software detects and processes it normally. There isn't (as far as I know) anything like " ../ " path problems or Unicode-related issues... and I "think" a DoS is not probable.

The only "interesting" stuff is the curious way Kazaa represents the path to the files, preceding it with a directory not physically present in the hard disk directories.

The only way this could be used is on really stupid people... people like the BBC journalist, we may say...

Carlos Gaona U.
ndr113at_private

> ----- Original Message -----
> From: "HarryM" <harrym@the-group.org>
> To: <vuln-devat_private>
> Sent: Monday, February 04, 2002 12:31 AM
> Subject: Reported Kazaa and Morpheus vulnerabilities
>
> > RE the article on the BBC's website at
> > http://news.bbc.co.uk/hi/english/sci/tech/newsid_1798000/1798095.stm
> >
> > I just searched the archives at Securityfocus and CERT and neither produced
> > any relevant results
> >
> > I mean, pointing a browser to http://ip_address:1214/ does give a list of
> > files... it gives the list of files that you're sharing. So what?
> >
> > Anyone know anything about this?
> >
> > Harry M

This archive was generated by hypermail 2b30 : Sun Feb 03 2002 - 23:26:48 PST