Explore top 10 tips to secure your open-source projects now. Read More
×It is possible for anyone to obtain any user-readable file by sending a properly formed "GET" command that contains the full path of the file
a new version which addresses this vulnerability. The fix simply checks that a requested file is in the list of shared files. The current version can be downloaded from:
http://vtun.netpedia.net/
Exploit: Two of us have developed an exploit code for this vulnerability, but we will
not be releasing this to the public.
Conclusion: We have described a vulnerability in one client implementation of the napster protocol. There may be similar problems in other implementations of the protocol as we have not done an exhaustive search. The official Windows client does not seem to be affected </earlyjp@cs.purdue.edu></florian@cerias.purdue.edu></daniels@cerias.purdue.edu>
Get the latest Linux and open source security news straight to your inbox.