Date: Fri, 25 Dec 1998 09:31:21 -0600
From: Nathan Neulinger <nneul@UMR.EDU>
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
To: BUGTRAQ@netspace.org
Subject: Yahoo Pager - security bug w/ services 7,8

I've been working on a GTK (unix) yahoo pager client based on Doug
Winslow's yppro2.c source and found the following security problem while
testing some client functionality.

Any user can send a packet with service #7 or #8 and activate/deactivate
an identity, even if it isn't your own alternate identity. It does
appear that the primary id for the identity affected has to be logged on
though.

If you send a message to that id, it does go to the correct destination.

The problem is, it can be abused simply by someone logging on and
deactivating an identity for someone else, which makes it look like that
id logged off.

The fix - when your server handles an id-activate/id-deactivate service
request, it should make sure that request is coming from the primary ID
for that identity. (You should be able to do that without a protocol
version change.)

-- Nathan

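The missing check described in the report above is a plain ownership (authorization) check on the server side. The following is an added illustration, not code from the post, from Yahoo, or from yppro2.c: it models a server-side directory with a constructed ownership table and shows the handler as the post describes it (only the affected primary has to be logged on) next to a hardened handler that also requires the request to come from the primary ID that owns the identity. Service numbers 7 and 8 are taken from the post; the `Directory`, `Session` and `handle_*` names, the request shape and the sample accounts are assumptions made for the example. Rejected requests are recorded so an operator could detect attempts.

```python
"""Toy model of the Yahoo Pager identity activate/deactivate handler.

Constructed for illustration: the directory layout, session object and
sample accounts are assumptions, not the real server's data model.
"""
from dataclasses import dataclass

# Service numbers as reported in the Bugtraq post.
SERVICE_ID_ACTIVATE = 7
SERVICE_ID_DEACTIVATE = 8


@dataclass
class Session:
    """The authenticated connection sending the request (assumed shape)."""
    primary_id: str


class Directory:
    """Server-side view of identities: who owns them and whether they are active."""

    def __init__(self, ownership):
        # ownership: alternate identity -> primary id that owns it (constructed)
        self.owner = dict(ownership)
        self.active = {ident: False for ident in self.owner}
        self.online = set()      # primary ids currently logged on
        self.rejected = []       # (requester, identity, reason) for detection


def handle_vulnerable(d, session, service, identity):
    """Behaviour as described in the post: any logged-on user may flip any
    identity as long as that identity's primary is online."""
    if service not in (SERVICE_ID_ACTIVATE, SERVICE_ID_DEACTIVATE):
        return "error: unsupported service"
    owner = d.owner.get(identity)
    if owner is None:
        return "error: unknown identity"
    if owner not in d.online:
        return "error: primary not logged on"
    d.active[identity] = (service == SERVICE_ID_ACTIVATE)   # no ownership check
    return "ok"


def handle_fixed(d, session, service, identity):
    """Hardened handler: the request must come from the identity's primary ID.
    Nothing about the packet format changes, so no protocol bump is needed."""
    if service not in (SERVICE_ID_ACTIVATE, SERVICE_ID_DEACTIVATE):
        return "error: unsupported service"
    owner = d.owner.get(identity)
    if owner is None:
        return "error: unknown identity"
    if owner != session.primary_id:
        # The check the post asks for; log it so abuse attempts are visible.
        d.rejected.append((session.primary_id, identity, "not owner"))
        return "error: not your identity"
    # The requester is the owner and is authenticated, so the "primary must be
    # logged on" condition from the post is satisfied by construction.
    d.active[identity] = (service == SERVICE_ID_ACTIVATE)
    return "ok"


def demo():
    """Run both handlers against constructed sample accounts and return the outcomes."""
    d = Directory({"alice_alt": "alice", "bob_alt": "bob"})   # constructed accounts
    d.online.update({"alice", "bob"})
    d.active["alice_alt"] = True
    other_user = Session(primary_id="bob")       # logged on, but does not own alice_alt

    vulnerable_result = handle_vulnerable(d, other_user, SERVICE_ID_DEACTIVATE, "alice_alt")
    vulnerable_state = d.active["alice_alt"]     # False: alice_alt now looks logged off

    d.active["alice_alt"] = True                 # reset for the hardened run
    fixed_result = handle_fixed(d, other_user, SERVICE_ID_DEACTIVATE, "alice_alt")
    fixed_state = d.active["alice_alt"]          # still True

    own_result = handle_fixed(d, Session("alice"), SERVICE_ID_DEACTIVATE, "alice_alt")
    own_state = d.active["alice_alt"]            # False: the owner may deactivate

    return {
        "vulnerable_result": vulnerable_result,
        "vulnerable_state": vulnerable_state,
        "fixed_result": fixed_result,
        "fixed_state": fixed_state,
        "own_result": own_result,
        "own_state": own_state,
        "rejected": list(d.rejected),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The hardened handler keys the decision on the authenticated session, not on anything in the packet, which is why the report could say the fix needs no protocol version change; the `rejected` list stands in for whatever audit log the real server would write.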
-------------------------------------------------------------------------

Date: Tue, 29 Dec 1998 12:35:02 -0600
From: "Neulinger, Nathan R." <nneul@UMR.EDU>
To: BUGTRAQ@netspace.org
Subject: followup on yahoo pager security problem

Just wanted to let everyone know, I heard from one of Yahoo's engineers. He
applied a fix to the server source, and it will be getting put in place on
the next server upgrade.

This is in regards to the service 7/8 identity activation problem.

-- Nathan

------------------------------------------------------------
Nathan Neulinger                       EMail: nneul@umr.edu
University of Missouri - Rolla         Phone: (573) 341-4841
Computing Services                     Fax: (573) 341-4216