Security problems in Yahoo Messenger

Discussion in 'other security issues & news' started by spy1, Feb 26, 2002.

Thread Status:
Not open for further replies.
  1. spy1
    Offline

    spy1 Registered Member

    SecurityFocus reports at http://online.securityfocus.com/archive/1/257584
    a series of security
    problems affecting the correct functioning of Yahoo Messenger version 5.

    This version of Yahoo Messenger listens on port 5101 of the client computer,
    which creates a series of problems that could be exploited by an attacker
    that sends traffic to the aforementioned port in the targeted user's
    computer. More precisely, an attacker could perform the following actions on
    the affected system:

    -Carry out a denial of service attack on Yahoo Messenger by overflowing the
    message field in the yahoo protocol. Similar effects can be caused by
    overflowing the Imvironment field.

    -Send messages under another name, impersonating a sender.

    -Send multiple messages from different names, flooding a certain user with
    messages and overloading their client.

    -Add a person to their list of contacts  (without the person's consent) and
    send messages to them until the person's IP address is sent in a message
    over Yahoo's server.
Thread Status:
Not open for further replies.