The peer-to-peer file sharing clients Kazaa and iMesh, which both use the FastTrack network, have been reported to have a critical security flaw which could see the supernodes (the things users connect to) in the network open to attack, and if a user takes advantage of these exploits they could crash the supernodes.
A patch should be available in a day or so, and users of the popular software are urged to install it as soon as it's available.
The user who identified the exploit, Random Nut, has claimed that "It's definitely a serious risk. Just ask anyone... if executing arbitrary code is a serious risk or not". The user, whose real name remains a mystery, claims to have contacted Kazaa and Joltid two weeks ago, but due to a lack of response he has gone public. He told ZDNet that "[On] Tue 13 May I emailed a guy at Joltid, and about 2 days later I filed a bug report at www.kazaa.com. Yesterday, after reading it on Full Disclosure, someone working for Joltid contacted me. He told me that the guy I emailed had been on a long honeymoon".
While Random Nut has explained the problem publicly, he claims not to have released any of the exploit code in the public domain. He said that "I haven't released the exploit code. I don't want some little script-kiddie to close down all of the [FastTrack] network or parts of it".
News source: ZDNet
-1 Comments - Add comment