Vulnerability Development mailing list archives

Napster a little insecure?


From: dmiller () I-MIND COM (Dennis Miller)
Date: Thu, 27 Jan 2000 17:58:57 -0800


I'm running Napster v2.0 Build 1318 which is a freeware utility to share
MP3's across the internet located at http://www.napster.com.
Notice Napster sends the complete location of the file(s) being sent.  Does
this mean that there is a way to coax the client to offer up ANY file?

RECEIVED (on different query)
    81 00 C9 00
    "c:\WINDOWS\DESKTOP\mp3s\Nirvana-Lithium.mp3"
        (32-byte checksum)
        (size in bytes)
        (bitrate in kbps)
        (freq)
        (duration in seconds)
        (username)
        (magic cookie - "643813570")
        (line speed)
    92 00 C9 00
    "G:\Program Files\napster\Music\NIRVANA - Smells Like
                Teen Spirit.mp3"
        (32-byte checksum)
        ...
    00 00 CA 00 00 00

Dennis Miller
dmiller () iMind com
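
An added example, not part of the original post: a parser for the record layout shown in the dump that flags search results disclosing an absolute local path and shows the basename-only form a client could advertise instead. It assumes the four bytes before each record are a little-endian 16-bit payload length followed by a little-endian 16-bit message type (consistent with C9 00 on each result and CA 00 on the terminator) and that the fields are space-separated; all function names and the sample bytes are constructed for illustration.

```python
import re
import struct

RESULT, END_OF_RESULTS = 0x00C9, 0x00CA  # type values seen in the dump above

def frame(msg_type, payload=b""):
    """Build one frame: <len LE16><type LE16><payload> (assumed layout)."""
    return struct.pack("<HH", len(payload), msg_type) + payload

def parse_frames(buf):
    """Split a byte stream into (type, payload) pairs, rejecting truncation."""
    frames, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated header at offset %d" % off)
        length, msg_type = struct.unpack_from("<HH", buf, off)
        off += 4
        if len(buf) - off < length:
            raise ValueError("payload shorter than declared length")
        frames.append((msg_type, buf[off:off + length]))
        off += length
    return frames

FIELDS = ("checksum", "size", "bitrate", "freq", "duration",
          "username", "cookie", "line_speed")  # order as listed in the post

def parse_result(payload):
    """Parse '"<path>" f1 f2 ...' into a dict keyed by FIELDS plus 'path'."""
    m = re.match(r'"([^"]*)"\s*(.*)$', payload.decode("latin-1"), re.S)
    if not m:
        raise ValueError("result record has no quoted filename")
    rec = dict(zip(FIELDS, m.group(2).split()))
    rec["path"] = m.group(1)
    return rec

ABSOLUTE = re.compile(r'^(?:[A-Za-z]:[\\/]|\\\\|/)')  # drive, UNC or POSIX root

def audit(buf):
    """Return (path, basename_only) for each result exposing an absolute path."""
    paths = [parse_result(p)["path"] for t, p in parse_frames(buf) if t == RESULT]
    return [(p, re.split(r"[\\/]", p)[-1]) for p in paths if ABSOLUTE.match(p)]

# Constructed sample: path and cookie taken from the post, other fields invented.
TAIL = b" " + b"0" * 32 + b" 4000000 128 44100 257 exampleuser 643813570 4"
SAMPLE = (frame(RESULT, b'"c:\\WINDOWS\\DESKTOP\\mp3s\\Nirvana-Lithium.mp3"' + TAIL)
          + frame(RESULT, b'"Nirvana-Lithium.mp3"' + TAIL)
          + frame(END_OF_RESULTS))
```
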

