• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

FastTrack P2P Technology Message Service Denial Of Service Vulnerability

KaZaA, Grokster and Morpheus are file-sharing clients based on FastTrack P2P technologies. They will run on Microsoft Windows 9x/ME/NT/2000/XP systems. Ports also exist for variants of the Linux operating system.

It has been reported that it is possible to starve resources on a host running a vulnerable client by repeatedly sending messages. While normally this issue could be mitigated by using the features provided by the client to ignore a malicious user who is repeatedly sending messages, it has been discovered that it is also possible for an attacker to spoof their identity.

The identity spoofing issue is described in BugTraq 4121 "FastTrack P2P Technology Message Service Identity Spoofing Vulnerability".

Any versions of file-sharing clients based on FastTrack P2P technologies which include the messaging functionality should be considered prone to this issue.

This issue has reportedly been addressed in KaZaA v1.5.