Thread: Soulseek P2P Application Vulnerable to Remote Takeover

  1. #1
    anon (Moderator)

    Soulseek P2P Application Vulnerable to Remote Takeover

    Soulseek is one of the greatest music sharing networks that most people have never heard of, with a particular specialty in electronic music. Unfortunately, for nearly a year those using versions of the official client have been exposed to a highly critical vulnerability which can leave them open to remote takeover.
    Soulseek P2P Application Vulnerable to Remote Takeover | TorrentFreak
    "I just remembered something that happened a long time ago."

  3. #2
    alpacino (Advanced User)
    Damn, and I use Soulseek on a weekly basis. Thanks for the advice, will try this Nicotine plus as suggested in the article.
    it's hip to be square

  4. #3
    looks like it has been fixed:

    from slsk forums:

    There's a number of us monitoring this sort of thing and we all seem to have heard about it in the last two days. I'm not doubting Mr. Laurent Gaffie had tried contacting us in the last year, but none of us had intercepted any communication of the sort. Anyway, not restricting search packet length is definitely an oversight on my part. There's a limit on general packet length but I can see how that wouldn't be sufficient. I've placed a 256 character limit on all manners of search (distributed, room, userlist) on both the old and new servers. This needs only be done server-side and doesn't require a client update. I hope this should effectively plug the security hole, but will keep looking for any further signs of vulnerability. Thanks, Nir
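The kind of server-side check the quoted post describes, as an added example that is not part of this thread and not Soulseek's own code: a search query can sit well inside the general packet cap and still exceed the per-search limit, so both are checked. Only the 256 limit comes from the post (treated here as bytes); the packet layout, the 65536-byte general cap and all function names are assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PACKET_LEN 65536u /* assumed general packet cap, not from the post */
#define MAX_SEARCH_LEN 256u   /* per-search limit stated in the post */
enum { SEARCH_OK = 0, SEARCH_BAD_PACKET = -1, SEARCH_TOO_LONG = -2 };

/* Hypothetical layout: [u32 little-endian query length][query bytes]. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copies a valid query into out (NUL-terminated); rejects everything else. */
int validate_search(const uint8_t *pkt, size_t len, char *out, size_t out_size)
{
    if (!pkt || !out || len < 4 || len > MAX_PACKET_LEN)
        return SEARCH_BAD_PACKET;
    uint32_t qlen = read_le32(pkt);
    if (qlen > len - 4)              /* declared length exceeds received bytes */
        return SEARCH_BAD_PACKET;
    if (qlen > MAX_SEARCH_LEN)       /* within the packet cap, still too long */
        return SEARCH_TOO_LONG;
    if ((size_t)qlen + 1 > out_size) /* never write past the caller's buffer */
        return SEARCH_BAD_PACKET;
    memcpy(out, pkt + 4, qlen);
    out[qlen] = '\0';
    return SEARCH_OK;
}

/* Constructed sample: a packet whose query is n 'a' bytes; returns its length. */
size_t make_packet(uint8_t *buf, uint32_t n)
{
    for (int i = 0; i < 4; i++) buf[i] = (uint8_t)((n >> (8 * i)) & 0xff);
    memset(buf + 4, 'a', n);
    return (size_t)n + 4;
}

int main(void)
{
    static uint8_t pkt[4 + 1024];
    char query[MAX_SEARCH_LEN + 1];
    uint32_t sizes[] = { 5, 256, 257, 1024 };
    for (size_t i = 0; i < 4; i++)
        printf("%u -> %d\n", (unsigned)sizes[i],
               validate_search(pkt, make_packet(pkt, sizes[i]), query, sizeof query));
}
```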
