|
|
|
Vulnerability Note VU#952875
Yahoo! Messenger is vulnerable to DoS via multiple messages from spoofed names
OverviewYahoo! Messenger is an instant messaging client. A report indicates that there is a vulnerability that permits an attacker to spoof the source user name of a Yahoo! Messenger message.
I. DescriptionYahoo! Messenger permits a user to place users on an ignore list. A vulnerability exists that permits users to spoof their source user names on messages. This permits users who have been ignored to continue to send messages to their victim user.II. ImpactThis vulnerability could be used in a mass messaging attack that could lead to the denial of service of a client.III. SolutionThis vulnerability was resolved in version 5,0,0,1058.Systems Affected
| Vendor | Status | Date Updated |
|---|
| Yahoo | Vulnerable | 5-Jun-2002 |
References
http://online.securityfocus.com/archive/1/257584
http://www.iss.net/security_center/static/8267.php
http://www.securityfocus.com/bid/4164
Credit
This vulnerablity was discovered by Scott Woodward <scott@phoenixtechie.com>.
This document was written by Jason Rafail.
Other Information
| Date Public | 02/21/2002 |
| Date First Published | 06/05/2002 02:15:28 PM |
| Date Last Updated | 06/05/2002 |
| CERT Advisory | CA-2002-16 |
| CVE Name | CAN-2002-0321 |
| Metric | 3.19 |
| Document Revision | 14 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
 |
