-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
http://www.theregister.co.uk/2005/03/16/limewire_vuln/
Limewire users need to update their software following the discovery of a brace of vulnerabilities that could allow snoops to spy on any file on a computer running vulnerable versions of the popular P2P file-trading software. The pair of security bugs, reported in Limewire versions 3.9.6 through 4.6.0 (for Windows), allows an intruder to read files outside shared directories whenever a target logs onto P2P networks.
The security glitch applies to free and paid versions of the program, on all operating systems for which it is available. Windows users are urged to update to version 4.8 of the package to guard against exploitation. Mac users should upgrade to version 4.0.10.
The security bugs were discovered by researchers at Cornell University while working on a new application, called Credence, designed to help Limewire users to avoid corrupt or damaged files using a rating system. In the process they discovered a pair of vulnerabilities, only one of which (an input validation error in the handling of "magnet" requests that opens the door to directory traversal attacks) can be defeated by a firewall............
**************** *****************************
Kiggundu Mukasa # Computer Network Consultancy###
KYM-NET LTD. # Intranets & Internet Solutions#
Plot 80 Kanjokya Street
P.O. Box 24284 Kampala, Uganda
Tel: +256 77 972255
+256 71 221141
Fax: +256 31 262122
*****************************************************************
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)iD8DBQFCOSff6oXqh9gLHWwRAh53AJ0doo8QLPFAYGUmpAHZBEZDGvcb/QCbBsrz Mm2WkHvDeL1xpxpaTNw8Ntk= =cfWa -----END PGP SIGNATURE-----
_______________________________________________ LUG mailing list [email protected] http://kym.net/mailman/listinfo/lug %LUG is generously hosted by INFOCOM http://www.infocom.co.ug/
