Published:2010/08/20 Last Updated:2010/08/20
JVN#25393522
Winny node information processing vulnerability
Critical
Overview
Winny contains a vulnerability in the processing of node information.
Products Affected
- Winny 2.0b7.1 and earlier
Description
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of node information, which can be used to launch Distributed Denial of Service (DDoS) attacks.
Impact
A user may take part in a DDoS attack by a remote attacker.
Solution
Do not use Winny
Please discontinue use of Winny.
Vendor Status
References
JPCERT/CC Addendum
According to the attorney of the developer, due to the on-going litigation, there is no timetable for an update as of August 20, 2010.
Vulnerability Analysis by JPCERT/CC
Credit
Fuyumasa Takatsu of University of Tsukuba reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory |
|
| CPNI Advisory |
|
| TRnotes |
|
| CVE |
CVE-2010-2362 |
| JVN iPedia |
JVNDB-2010-000028 |