pressetext.europe
Contact:
Newsfox Desk
Phone: + 43 - 1 - 811 40 - 319
E-Mail: editor@newsfox.com
KEYWORDS:
HIGHTECH
Wed, 28.05.2003
pte20030528052 Computer/Telecommunications
Security gap threatens P2P networks
FastTrack vulnerable to buffer overflow attacks

Internet (pte052/28.05.2003/17:50) - A recently detected security gap in FastTrack, the basic technology for P2P networks such as KaZaA or Grokster, lets attackers take down or take over important supernodes by means of a buffer overflow attack.

The information on the security gap was supplied by a hacker using the pseudonym Random Nut on the Full Disclosure mailing list (http://lists.netsys.com/pipermail/full-disclosure/2003-May/009863.html).

The bug, known as "Packet O' Death", takes advantage of the fact that the packet manager in the supernode expects a maximum of 200 addresses from other supernodes in arriving queries. If a query contains more addresses, the result is a buffer overflow. The supernode computer then crashes or allows other code to be introduced.
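The bounds check whose absence produces this class of bug, shown as an added example that is not FastTrack code and not taken from the original report. The wire format (a 2-byte big-endian count followed by 6-byte IPv4-plus-port entries) and all names are assumptions; only the 200-address limit comes from the article.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NODES 200   /* limit stated in the article */
#define ENTRY_LEN 6     /* assumed layout: 4-byte IPv4 + 2-byte port */

struct node_addr { uint8_t ip[4]; uint16_t port; };

struct node_list {
    size_t count;
    struct node_addr nodes[MAX_NODES];   /* fixed-size receive buffer */
};

/* Hypothetical parser for a supernode address list.
 * Returns 0 on success, -1 if the packet is truncated or oversized. */
int parse_node_list(const uint8_t *pkt, size_t len, struct node_list *out)
{
    if (len < 2)
        return -1;                       /* no room for the count field */
    size_t count = ((size_t)pkt[0] << 8) | pkt[1];

    /* The sender controls 'count'. Without this check the copy loop
     * below would write past nodes[MAX_NODES - 1]. */
    if (count > MAX_NODES)
        return -1;
    /* The claimed count must also fit in the bytes actually received,
     * otherwise the loop would read past the end of the packet. */
    if (count * ENTRY_LEN > len - 2)
        return -1;

    const uint8_t *p = pkt + 2;
    for (size_t i = 0; i < count; i++, p += ENTRY_LEN) {
        memcpy(out->nodes[i].ip, p, 4);
        out->nodes[i].port = (uint16_t)((p[4] << 8) | p[5]);
    }
    out->count = count;
    return 0;
}
```

Rejecting the whole packet, rather than truncating the list to 200 entries, keeps the parser from acting on input that is already known to be malformed.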

In a FastTrack network any computer with enough capacity and a public IP address can become a supernode, and the number of supernodes constantly varies. One supernode manages up to 600 clients in an exchange network. These network nodes are then used to search for individual files.

(end)