Comments on: Soulseek P2P Application Vulnerable to Remote Takeover https://torrentfreak.com/soulseek-p2p-application-vulnerable-to-remote-takeover-090530/ Breaking File-sharing, Copyright and Privacy News Tue, 28 Oct 2014 17:48:34 +0000 hourly 1 http://wordpress.org/?v=3.9.2 By: Chiquitin /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-567466 Mon, 08 Jun 2009 07:28:38 +0000 http://torrentfreak.com/?p=13583#comment-567466 It’s visible again.

http://forums.slsknet.org/ipb/index.php?showtopic=24110

]]> By: Chiquitin /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566758 Sat, 06 Jun 2009 09:32:21 +0000 http://torrentfreak.com/?p=13583#comment-566758 Edit:

the topic was made invisible as suggested by Laurent Gaffié.

]]> By: Chiquitin /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566757 Sat, 06 Jun 2009 09:29:30 +0000 http://torrentfreak.com/?p=13583#comment-566757 It’s fixed. The first patch was on the server side, the remaining issue on the client side is now also patched, so, “updateslsk”, you’re wrong. And “/usr/local/dick”, as explained, the topic was make invisible as suggested by the Laurent Gaffié.

http://forums.slsknet.org/ipb/index.php?showtopic=24181

]]> By: /usr/local/dick /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566691 Fri, 05 Jun 2009 18:06:21 +0000 http://torrentfreak.com/?p=13583#comment-566691 After responding to a worried user last week on the SLSK forum that he should not use the buggy Windows client software any more until a fix was released, I found out the entire topic had been deleted!

The lame developers just do not respond to security reports for almost a year, and only after researcher Laurent Gaffié goes public on FD they suddenly wake up and fix their app.

Way to go guys.

]]> By: updateslsk /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566454 Thu, 04 Jun 2009 17:35:24 +0000 http://torrentfreak.com/?p=13583#comment-566454 A new client as been released patching this issue according to the changelog file : slsknet.org/changelog.html
Also it seems that you can still exploit this security hole by sending directly a search query to another peer using another soulseek version than 157 NS 13e

]]> By: updateslsk /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566452 Thu, 04 Jun 2009 17:33:47 +0000 http://torrentfreak.com/?p=13583#comment-566452 A new client as been released patching this issue according to the changelog file : http://slsknet.org/changelog.html
Also it seems that you can still exploit this security hole by sending directly a search query to another peer using another soulseek version than 157 NS 13e

]]> By: Soulseek inseguro | Remixtures /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566113 Wed, 03 Jun 2009 06:55:59 +0000 http://torrentfreak.com/?p=13583#comment-566113 [...] o TorrentFreak, a falha foi detectada em Julho de 2008 pelo investigador em segurança informática Laurent [...]

]]> By: Nir Arbel /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566064 Tue, 02 Jun 2009 23:08:17 +0000 http://torrentfreak.com/?p=13583#comment-566064 It wasn’t a fake patch, all major avenues of search have been protected from this kind of abuse. The last remaining avenue has to do with some legacy code, is harder to exploit, and likely to affect a much smaller number of users. A client will be released very soon to prevent this last contingency.

]]> By: phil /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-566043 Tue, 02 Jun 2009 21:01:03 +0000 http://torrentfreak.com/?p=13583#comment-566043 Fake patch !
Still works !

http://forums.slsknet.org/ipb/index.php?showtopic=24110&st=0&gopid=270684

]]> By: Bedazzler /soulseek-p2p-application-vulnerable-to-remote-takeover-090530/#comment-565716 Mon, 01 Jun 2009 17:50:12 +0000 http://torrentfreak.com/?p=13583#comment-565716 let us know if there’s update thx

]]>