fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus allows remote attackers to spoof other users by modifying the username and network information in the message header.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kazaa | Fasttrack | 1.2 (including) | 1.2 (including) |
| Kazaa | Fasttrack | 1.3 (including) | 1.3 (including) |
| Kazaa | Fasttrack | 1.3.3 (including) | 1.3.3 (including) |
| Kazaa | Fasttrack | 1.4 (including) | 1.4 (including) |
| Kazaa | Fasttrack | 1.5 (including) | 1.5 (including) |
| Grokster | Grokster | 1.3 (including) | 1.3 (including) |
| Grokster | Grokster | 1.3.3 (including) | 1.3.3 (including) |
| Morpheus | Music_city_networks | 1.3 (including) | 1.3 (including) |
| Morpheus | Music_city_networks | 1.3.3 (including) | 1.3.3 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=101441689224760\u0026w=2
- http://www.iss.net/security_center/static/8272.php
- http://www.securityfocus.com/bid/4121
- http://marc.info/?l=bugtraq\u0026m=101441689224760\u0026w=2
- http://www.iss.net/security_center/static/8272.php
- http://www.securityfocus.com/bid/4121