spy1
February 26th, 2002, 02:14 PM
SecurityFocus reports at http://online.securityfocus.com/archive/1/257584
a series of security
problems affecting the correct functioning of Yahoo Messenger version 5.
This version of Yahoo Messenger listens on port 5101 of the client computer,
which creates a series of problems that could be exploited by an attacker
that sends traffic to the aforementioned port in the targeted user's
computer. More precisely, an attacker could perform the following actions on
the affected system:
-Carry out a denial of service attack on Yahoo Messenger by overflowing the
message field in the yahoo protocol. Similar effects can be caused by
overflowing the Imvironment field.
-Send messages under another name, impersonating a sender.
-Send multiple messages from different names, flooding a certain user with
messages and overloading their client.
-Add a person to their list of contacts *(without the person's consent) and
send messages to them until the person's IP address is sent in a message
over Yahoo's server.
a series of security
problems affecting the correct functioning of Yahoo Messenger version 5.
This version of Yahoo Messenger listens on port 5101 of the client computer,
which creates a series of problems that could be exploited by an attacker
that sends traffic to the aforementioned port in the targeted user's
computer. More precisely, an attacker could perform the following actions on
the affected system:
-Carry out a denial of service attack on Yahoo Messenger by overflowing the
message field in the yahoo protocol. Similar effects can be caused by
overflowing the Imvironment field.
-Send messages under another name, impersonating a sender.
-Send multiple messages from different names, flooding a certain user with
messages and overloading their client.
-Add a person to their list of contacts *(without the person's consent) and
send messages to them until the person's IP address is sent in a message
over Yahoo's server.