Bugtraq mailing list archives
Denial Of Service in FreeChat 1.1.1a
From: "Donato Ferrante" <fdonato () autistici org>
Date: Thu, 26 Feb 2004 08:11:11 -0000
                           Donato Ferrante

Application:  FreeChat
              http://sourceforge.net/projects/vbfreechat/

Version:      1.1.1a

Bug:          Denial Of Service

Author:       Donato Ferrante
              e-mail: fdonato () autistici org
              web:    www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"FreeChat is a webserver with support for a browser based streaming
chat written in Visual Basic 6. The chat so far supports multiple
rooms (public/private), graphical emicons, whispering, multiple
languages and more."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The server is not able to manage crafted strings.
In fact it will crash.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability simply send to the chat server a string
like:

"aaaaa"

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

No fix.
The vendor has not answered my reports.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx