Network Security and ISO 27001 / 17799 News
Yahoo! Instant Messenger Filename Buffer Overflow

savanted1 (Honor Circle Member; joined Sep 17, 2003; posts: 72)

Description: Yahoo! Instant Messenger (YIM) provides file sharing
support that allows users to download files from one another. The YIM
component responsible for this function, ft.dll, is vulnerable to a
buffer overflow which can be triggered by an overlong filename. An
attacker must trick a victim YIM user into downloading a file with an
overlong name in order to exploit the flaw. Successful exploitation
allows arbitrary code execution on the victim system with the privileges
of the user running YIM. The technical details required for exploitation
have been posted.

Status: Vendor confirmed. Yahoo! has reported that versions 5.6.0.1355,
5.6.0.1356 and 5.6.0.1358 are not vulnerable, and is working on further
updates.

Council Site Actions: Only two reporting council sites stated they have
implementations of the affected software. Both of these sites commented
that the software was not officially supported, although they are aware
of its use. One site sent a notification to their system administration
group. The other site does not plan to take any action at this time and
assumes the users will learn of the vulnerability on their own and take
appropriate action.

References:
Postings by Tri Huynh (discovered the bug)
http://archives.neohapsis.com/archives/bugtraq/2004-01/0061.html
_________________
Innovations At The Speed Of A Thought®

Savanted1®

Posted: Thu Jan 15, 2004 5:44 pm