From: Russell S/nillion42 (nillion42wyoming.com)
Date: Wed Mar 05 2003 - 12:50:55 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

--- the forwarded message follows ---

attached mail follows:

Hi Bill,

Could you post this to the vuln-dev mailing list? The address is
vuln-devsecurityfocus.com.

David Mirza Ahmad
Symantec

"sabbe dhamma anatta"

0x26005712
8D 9A B1 33 82 3D B3 D0 40 EB AB F0 1E 67 C6 1A 26 00 57 12

On 4 Mar 2003, Bill Hendron wrote:

>
>
> Problem:
> Lack of file checksum in kazaa leads to the ability to
> spread corrupted files and corrupt the dowload of any file.
>
> Method:
> By deleting(replacing with hex 00) the data from a mp3
> file and leaving the headers you can create a file
> which has identical filesize (kazaa checks filesize).
> When a kazaa user downloads a file, multiple download
> streams can be used, if a stream is created to the
> corrupted file, it will make the download useless once
> finished not readily appraent until download is complete.
>
> Additional:
> On modems and other areas where compression is used,
> this can lead to the file traveling at rapid speeds
> (greater than 20kps on a 56k modem). This could cause
> the files that are corrupted file or corrupted portions
> to spread rapdily to other users before the user has a
> chance to check the quality of the file and delete it.
>
>
> -Bill Hendron
>

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]