[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Mldonkey-users] Re: Mldonkey and anonymity
|
From: |
b8_bavard |
|
Subject: |
Re: [Mldonkey-users] Re: Mldonkey and anonymity |
|
Date: |
Wed, 28 May 2003 10:11:26 +0200 |
> Vulnerability Overview
> ----------------------
> There exists a vulnerability in the FastTrack network
> core that can be used by an attacker to take control
> of all FastTrack network supernodes. The attacker can
> either crash all supernodes or insert arbitrary code
> in each supernode's address space. Crashing all
> supernodes means that no-one can search for files on
> the FT network or connect to the FT network.
>
> More on BugTraq...
We are aware of this problem, and working on... no, I'm joking, one of
the main advantages of using Objective-Caml, as I said in a previous
mail, is that all attacks based on buffer overflows are completely
useless on MLdonkey. Moreover, contrary to most C implementations,
where the messages are directly used as C structs, MLdonkey translates
everything, mainly to avoid problems with littleEndian/bigEndian, but
also because messages are easier to manipulate when thanslated in
Objective-Caml types.
- b8_bavard (mldonkey)
--------------------------------------
Homepage: http://www.mldonkey.net/
--------------------------------------