[18511] in bugtraq
Re: Audiogalaxy.com mp3 sharing software
daemon@ATHENA.MIT.EDU (Michael Merhej)
Tue Jan 9 20:36:54 2001
Message-ID: <20010110001130.22358.qmail@www5>
Date: Wed, 10 Jan 2001 00:11:30 -0000
Reply-To: michael@AUDIOGALAXY.COM
From: Michael Merhej <michael@AUDIOGALAXY.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Hello,
While its true if a user got a hold of your
password they could send you mp3 files - or at
least files with an mp3 extension. The satellite
will only name files with a .temp or .mp3
extension. Even if the filename is really an
executable it will have a .mp3 extension. To
actually run the file you would then need to
purposely rename the file with a .exe extension.
Hope this helps - if you have any other security
related questions I will be glad to answer.
> 2. Problem?
> While this problem will not stop the world or
allow the script kiddies
> to ./wu their way through us, its a problem none
the less. Versions of
> Audiogalaxy Satelite software pre .601W for
windows held the username and
> password for a users account in a plain text file
within the audiogalaxy
> directory on their system. While if an intruder
gained this information only
> the list of songs in the download que (which is
stored on the server) would
> be compromised, this could have other effects.
>
> 2a. theory one 1. Gain the username and
password for a users acct. Intruder
> modies the download que so that when the
user comes online they will download
> a "mp3" from the intruders system. The mp3 is
actually something else. ie.
> virus or back orifice or similar program. If the
user ran the mp3 directly
> then of course the infection would start. --lets
examine this a little
> further. Evil intruder steals password and
username. Edits download que.
> User runs fake mp3 which is back orifice. User
gets keylogged. User is
> goverment employee who telnets (telnet bad)
into secure goverment system.
> Goverment system not secure anymore. Web
site gets defaced. Oh no the
> kiddies can use this.
>
> 2b. theory two. 2. Many users use a common
password and this is the point
> that i brought to Audiogalaxy. While its not their
problem if a user does
> this, why not help out. If the user had their
Audiogalaxy username and
> password compromised then its possible other
things get compromised.
>
>
> 3. Solution
>
> Upgrade to the newest version which has been
out for sometime, and in general
> use different passwords.
>
> Note- I have not checked the Linux version for
any problems, if someone gets
> to it before I do pleae let me know.
>
