Slashdot Mirror


Exploit Found in Seti@Home

Jamie noted that an Exploit was found in Seti@Home and there is code exploiting the hole actually running about in the wild. Patches are available for those of you not interested in running a public warez server or DoS client ;)

2 of 266 comments (clear)

  1. Re:Aliens exploiting? by matttastic · · Score: 1, Redundant

    I wonder whether or not you're an alien putting the fear into the human race and bringing about our own downfall through panic!

    Damn those infinately clever aliens!

  2. Four months.... by Anonymous Coward · · Score: -1, Redundant
    checkout the "Timeline" in the linked article (I'll repeat it here in case it gets slashdotted)

    2002/12/05 Information leakage discovered.
    2002/12/14 Bufferoverflow in client discovered.
    2002/12/31 Seti@home team contacted through their website http://setiathome.berkeley.edu/help.html.
    2003/01/07 Seti@home team contacted again.
    2003/01/14 Bufferoverflow in server discovered.
    2003/01/21 Seti@home team contacted again, this time through email.
    2003/01/21 Seti@home team confirmed the problem.
    2003/01/25 Seti@home team promissed fixed version are being build.
    2003/02/03 Seti@home team informed me about problems with the fixes for the win32 version.
    2003/04/06 New Seti@home clients available, advisory released.


    This advisory came 4 months late. While I'm glad this person contacted Seti first before releasing the advisory, I cannot believe that it took them two months to fix a bufer overflow! While seti@home isn't a mission critical app, I would think the seti people would want to release a new version very quickly, at the very least so that they know that their personal omputers can't get exploited.