Isn't the profile lock port bound to 127.0.0.1, so it only listens to
local connections? In that case, it can't be remotely exploited...

On 4/22/07, Youness Alaoui <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm a developer and admin of the aMSN project, someone just sent me this link
> ( http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053912.html ).
>
> I just grepped in the source code and that port (31337) is not used by aMSN, it could be a port used for a profile (as a locking system), in which case the port is randomly chosen each time, so this is probably just a fluke, he found the port of his current aMSN instance and used it.
>
> As I don't have more info, I can't really test this bug and find the real cause and fix it, so it would be nice to have more info about this.
>
> Seeing how the user replied on the "Vendor contacted?" tag, I wonder if I can get any more info on this matter.
>
> Thanks,
> KaKaRoTo
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by DB2 Express
> Download DB2 Express C - the FREE version of DB2 express and take
> control of your XML. No limits. Just data. Click to get it now.
> http://sourceforge.net/powerbar/db2/
> _______________________________________________
> Amsn-devel mailing list
> Amsn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/amsn-devel
>


-- 
(:===========================================:)
  Alvaro J. Iradier Muro - [EMAIL PROTECTED]
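
The question raised in this reply (is the listener bound to loopback only?) can be checked from a socket listing. The following is an added example, not part of the original message or of aMSN's code: it classifies listeners by bind address, and the `ss -ltn`-style sample lines and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the column layout of `ss -ltn`; not captured from aMSN.
SAMPLE = """\
State  Recv-Q Send-Q Local Address:Port       Peer Address:Port
LISTEN 0      5      127.0.0.1:31337          0.0.0.0:*
LISTEN 0      5      0.0.0.0:60001            0.0.0.0:*
LISTEN 0      5      [::1]:60002              [::]:*
LISTEN 0      5      [::]:60003               [::]:*
LISTEN 0      5      192.168.1.20:60004       0.0.0.0:*
LISTEN 0      5      *:60005                  *:*
LISTEN 0      5      [::ffff:127.0.0.1]:60006 *:*
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6host]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def exposure(host):
    """Classify a bind address by who can reach the listener."""
    if host == "*":                      # wildcard: every interface
        return "all-interfaces"
    addr = ipaddress.ip_address(host.split("%")[0])  # drop zone id (%lo)
    mapped = getattr(addr, "ipv4_mapped", None)      # ::ffff:a.b.c.d form
    if mapped is not None:
        addr = mapped
    if addr.is_loopback:                 # 127.0.0.0/8 or ::1
        return "loopback-only"
    if addr.is_unspecified:              # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-interface"            # reachable via that interface

def classify_listeners(text):
    """Map each listening port in the listing to its exposure class."""
    result = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue                     # skip header and non-listening rows
        host, port = split_endpoint(fields[3])
        result[port] = exposure(host)
    return result

if __name__ == "__main__":
    for port, kind in sorted(classify_listeners(SAMPLE).items()):
        print(port, kind)
```

A "loopback-only" result rules out direct connections from other hosts; local users and processes on the same machine can still connect to the port.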
