Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY LINKS NEWS MAN DOCUMENTATION

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

Date: Fri, 25 Dec 1998 09:31:21 -0600
From: Nathan Neulinger <nneul@UMR.EDU>
To: BUGTRAQ@NETSPACE.ORG
Subject: Yahoo Pager - security bug w/ services 7,8

I've been working on a GTK (unix) yahoo pager client based on Doug
Winslow's yppro2.c source and found the following security problem while
testing some client functionality.

Any user can send a packet with service #7 or #8 and activate/deactivate
an identity, even if it isn't your own alternate identity. It does
appear that the primary id for the identity affected has to be logged on
though.

If you send a message to that id, it does go to the correct destination.

The problem is, it can be abused simply by someone logging on and
deactivating an identity for someone else, which makes it look like that
id logged off.

The fix - when your server handles a id-activate/id-deactivate service
request, it should make sure that request is coming from the primary ID
for that identity. (You should be able to do that without a protocol
version change.)

-- Nathan

<< Previous INDEX Search src Set bookmark Go to bookmark Next >>

ПОДПИШИСЬ НА ЖУРНАЛ Linux Format 2012! Журнал "Linux Format" (Линукс Формат)- Единственный в России и странах СНГ журнал на русском языке, посвящённый Linux и свободному ПО. Журнал для IT-директоров, IT-менеджеров, программистов, системных администраторов, учителей школ и преподавателей ВУЗов и всех пользователей ПК. В каждом выпуске: Новости индустрии OpenSource, обзоры новинок свободного ПО, обучающие и методические статьи. Каждый, кто оформит подписку, получает бонусы и подарки- объёмные наклейки на системный блок, диск с архивом номеров за 2005-2011 г.г. и ежемесячно электронную версию журнала в pdf-формате. Оформить подписку на год