KaZaA to be updated in next 24 hours due serious security leak

According to an
article on ZDNet Australia has a security expert found a serious leak in the
KaZaA file sharing software. It is possible for hackers to excute arbitrary code
and this wayattackers can take control of or crash the FastTrack supernodes. The
exploit has not been released to the public, so if no other hacker finds out
current users will be safe, but Sharman Networks (owner of KaZaA) have said it
will be releasing a patch, developed by JoltID (the company who developed KaZaA,
formerly FastTrack)


Identifying himself only by his pseudonym, Random Nut, he said he
went public with the vulnerability after waiting nearly two weeks for
Kazaa and Joltid, the makers of FastTrack, to get back to him. 'On Tue 13
May I e-mailed a guy at Joltid, and about 2 days later I filed a bug
report at
kazaa.com. Yesterday, after reading it on Full Disclosure, someone working
for Joltid contacted me. He told me that the guy I e-mailed had been on a
long honeymoon," he said.

Although he has exploited the
vulnerability, he will not be releasing exploit code into the public
domain. 'I haven't released the exploit code. I don't want some little
script-kiddie to close down all of the FastTrack network or parts of it,"
he said.


 According to Sharman the exploit is not very serious
(probably because there is only a small possibility to be hacked) but
nevertheless the company will be releasing a fix within 24 hours. Read the
entire article here.

Source: ZDNet.au

No posts to display