Breaking News -
Security:
Researchers Discover Security
Problem With SETI@home
Several versions of the screensaver, which helps in the Search for
Extraterrestrial Intelligence by observing data retrieved by the world's
largest radio telescope, is vulnerable to Information leakage and remotely
exploitable buffer overflow flaw risks.
Individuals on all platforms are subject to information leakage (the bug
reveals the processor type and OS of a user when work units are downloaded)
and a buffer overflow vulnerability. The main SETI@home server at
shserver2.ssl.berkeley.edu "has been confirmed" as vulnerable to denial of
service attack through a similar buffer overflow flaw.
The discovery of the vulnerability, which was discovered by Berend-Jan
Wever,
says these type of harmful attacks are not to be considered trivial.
"An attacker would have to reroute the connection the client tries to make
to
the SETI@home webserver to a machine he or she controls," he writes in an
advisory.
The SETI@home team said that "to our knowledge, no SETI@home client has
ever
been attacked in this manner".
Nonetheless the issue has prompted the creation of version 3.08 of the
screensaver, described as a "precautionary security release".
There are currently over four million registered users of SETI@home, more
than
half a million of whom have returned at least one result within the last four
weeks.
|
