Yahoo! Instant Messenger Denial of Service Vulnerability
BID:2219
Info
Yahoo! Instant Messenger Denial of Service Vulnerability
| Bugtraq ID: | 2219 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Sep 28 1999 12:00AM |
| Updated: | Sep 28 1999 12:00AM |
| Credit: | Reported by Team Asylum <mailto:[email protected]> on Tue Sep 28 1999 |
| Vulnerable: |
Yahoo! Instant Messenger build 733 |
| Not Vulnerable: |
Yahoo! Instant Messenger build 734 |
Discussion
Yahoo! Instant Messenger Denial of Service Vulnerability
A vulnerability exists in build 733 of Yahoo!'s Instant Messenger Service client.
Messenger listens on TCP port 5010 as long as the program is running.
A remote attacker connecting to the IM user's open port 5010 will cause the IM client to crash, allowing a Denial of Service attack. The open port also allows an attacker to scan large networks and locate IM users with little effort.
Build 734 of the IM client leaves port 5010 open but will not crash in response to an incoming connection.
A vulnerability exists in build 733 of Yahoo!'s Instant Messenger Service client.
Messenger listens on TCP port 5010 as long as the program is running.
A remote attacker connecting to the IM user's open port 5010 will cause the IM client to crash, allowing a Denial of Service attack. The open port also allows an attacker to scan large networks and locate IM users with little effort.
Build 734 of the IM client leaves port 5010 open but will not crash in response to an incoming connection.
Exploit / POC
Yahoo! Instant Messenger Denial of Service Vulnerability
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Yahoo! Instant Messenger Denial of Service Vulnerability
Solution:
Download build 734 or later from:
http://messenger.yahoo.com </external/http://messenger.yahoo.com>
Solution:
Download build 734 or later from:
http://messenger.yahoo.com </external/http://messenger.yahoo.com>
References
Yahoo! Instant Messenger Denial of Service Vulnerability
References:
References: