
FastTrack P2P Supernode Packet Handler Buffer Overflow Vulnerability

Risk
High

Date Discovered
05-26-2003

Description
The FastTrack P2P Supernode packet handler has been reported prone to a buffer overflow vulnerability. The handler does not perform sufficient bounds checking on the supernode entries it receives before they are copied into a reserved buffer in internal memory.

An attacker may exploit this vulnerability to trigger a denial of service condition or, ultimately, to have arbitrary attacker-supplied code executed. Code execution would occur in the context of the user running an application that incorporates the vulnerable FastTrack P2P packet handler.

It should be noted that this vulnerability has been tested on KaZaA version 2.0.2. Other versions of KaZaA and similar file-sharing clients based on FastTrack P2P technology may also be affected.
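
Added example (not part of the original advisory, and not FastTrack or KaZaA code): the kind of bounds check the description says is missing, applied to a list of supernode entries copied into a fixed-size table. The packet layout, entry size, table capacity and all names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout for illustration only (not the FastTrack wire format):
 * a 2-byte big-endian entry count, then count * ENTRY_SIZE bytes of entries. */
#define ENTRY_SIZE   8    /* assumed size of one supernode entry */
#define MAX_ENTRIES  200  /* assumed capacity of the reserved table */

struct supernode_table {
    uint8_t entries[MAX_ENTRIES][ENTRY_SIZE];
    size_t  count;
};

enum parse_result { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_TOO_MANY = -2 };

/* Copies entries from an untrusted packet into the fixed-size table.
 * The count is checked against the table capacity and the bytes received
 * before anything is copied; on error the table is left unchanged. */
int parse_supernode_list(const uint8_t *pkt, size_t pkt_len,
                         struct supernode_table *out)
{
    if (pkt_len < 2)
        return PARSE_TRUNCATED;

    size_t count = ((size_t)pkt[0] << 8) | pkt[1];

    /* Check 1: the sender-supplied count must fit the reserved buffer. */
    if (count > MAX_ENTRIES)
        return PARSE_TOO_MANY;

    /* Check 2: the packet must really contain that many entries.
     * count <= MAX_ENTRIES here, so the multiplication cannot overflow. */
    if (pkt_len - 2 < count * ENTRY_SIZE)
        return PARSE_TRUNCATED;

    memcpy(out->entries, pkt + 2, count * ENTRY_SIZE);
    out->count = count;
    return PARSE_OK;
}

int main(void)
{
    /* Constructed packet: claims 0xFFFF entries but carries none. */
    static struct supernode_table table;
    const uint8_t pkt[] = { 0xFF, 0xFF };
    printf("result = %d\n", parse_supernode_list(pkt, sizeof pkt, &table));
    return 0;
}
```

Without the first check, the copy length would be taken from the packet rather than from the size of the destination, which is the condition the description reports.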

Platforms Affected
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 2000 Workstation
Microsoft Windows 2000 Workstation SP1
Microsoft Windows 2000 Workstation SP2
Microsoft Windows 2000 Workstation SP3
Microsoft Windows 95
Microsoft Windows 95 SR2
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows NT 4.0
Microsoft Windows NT 4.0 SP1
Microsoft Windows NT 4.0 SP2
Microsoft Windows NT 4.0 SP3
Microsoft Windows NT 4.0 SP4
Microsoft Windows NT 4.0 SP5
Microsoft Windows NT 4.0 SP6
Microsoft Windows NT 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows XP Home
Microsoft Windows XP Professional

Components Affected
Grokster Grokster 1.3
Grokster Grokster 1.3.3
iMesh.Com iMesh 1.0 2 and previous
iMesh.Com iMesh 3.1
KaZaA KaZaA Media Desktop 1.3
KaZaA KaZaA Media Desktop 1.3.1
KaZaA KaZaA Media Desktop 1.3.2
KaZaA KaZaA Media Desktop 1.6.1
KaZaA KaZaA Media Desktop 2.0
KaZaA KaZaA Media Desktop 2.0.2
Music City Networks Morpheus 1.3
Music City Networks Morpheus 1.3.3
Music City Networks Morpheus 1.9

Recommendations
Block external access at the network boundary, unless service is required by external parties.
If applicable, block all incoming FastTrack P2P based traffic at the network boundary.

Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy network intrusion detection systems and audit logs regularly.

Run all server processes as non-privileged users with minimal access rights.
If possible, reduce the privilege level of this and other server processes. This will limit the immediate consequences of a successful attack.

Implement multiple redundant layers of security.
An attacker's ability to exploit this vulnerability to execute arbitrary code may be hindered through the use of various memory protection schemes. Where possible, implement the use of non-executable and randomly mapped memory segments.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

References
Source: Grokster Homepage
URL: http://www.grokster.com/

Source: iMesh Product Homepage
URL: http://www.imesh.com

Source: KaZaA Homepage
URL: http://www.kazaa.com/

Source: Morpheus Homepage
URL: http://www.musiccity.com

Credits
Discovery of this vulnerability has been credited to random nut <random_nut@yahoo.com>.


Copyright (c) 2003 by Symantec Corp.
Permission to redistribute this alert electronically is granted as long as it is not edited in any way unless authorized by Symantec Security Response. Reprinting the whole or part of this alert in any medium other than electronically requires permission from symsecurity@symantec.com.

Disclaimer
The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use in an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

Symantec, Symantec products, Symantec Security Response, and SymSecurity are registered trademarks of Symantec Corp. and/or affiliated companies in the United States and other countries. All other registered and unregistered trademarks represented in this document are the sole property of their respective companies/owners.