Published:2010/08/20 Last Updated:2010/08/20
JVN#54336184
Winny BBS information processing vulnerability
Critical
Overview
Winny contains a vulnerability in the processing of BBS information.
Products Affected
- Winny 2.0b7.1 and earlier
Description
Winny is a P2P file sharing software. Winny contains a vulnerability in the processing of BBS information, which can be used to launch Distributed Denial of Service (DDoS) attacks.
Impact
A user may take part in a DDoS attack by a remote attacker.
Solution
Do not use Winny
Please discontinue use of Winny.
Vendor Status
References
JPCERT/CC Addendum
According to the attorney of the developer, due to the on-going litigation, there is no timetable for an update as of August 20, 2010.
Vulnerability Analysis by JPCERT/CC
Credit
Yuji Ukai of eEye Digital Security reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Other Information
JPCERT Alert | |
JPCERT Reports | |
CERT Advisory |
|
CPNI Advisory |
|
TRnotes |
|
CVE |
CVE-2010-2361 |
JVN iPedia |
JVNDB-2010-000027 |