Full Disclosure mailing list archives

Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability

From: Levent Kayan <levent () corehack org>
Date: Sun, 22 Apr 2007 17:51:39 +0200

On Sun, Apr 22, 2007 at 05:41:25PM +0200, Sebastian Rother wrote:

On Sun, 22 Apr 2007 01:32:35 -0400
kakaroto () kakaroto homelinux net (Youness Alaoui) wrote:

Hi,
 
I'm a developer and admin of the aMSN project, someone just sent me this link 
( http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053912.html ).
 
I just grepped in the source code and that port (31337) is not used by aMSN, it could be a port used for a 
profile (as a locking system), in which case the port is randomly chosen each time, so this is probably just a 
fluke, he found the port of his current aMSN instance and used it. 
 
As I don't have more info, I can't really test this bug and find the real cause and fix it, so it would be nice 
to have more info about this. 
 
Seeing how the user replied on the "Vendor contacted?" tag, I wonder if I can get any more info on this matter.
 
Thanks,
KaKaRoTo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


31337 is just an example port! aMSN is binding an ephermal port after you've
started it. Just do a netstat -an and look for ephermal ports. If you get the
aMSN port you can connect to it and sending some characters and you'll get
replies by aMSN. 
If you send an '{' or '}' character to that amsn port, you'll notice
that aMSN is reporting an error message (amsn window). 
But if you going to send more than one character of '}' or '{' 
it will be killed. Yes, the whole client!

To "Ismail Soenmez": What about "DDoS"? Sending characters to that port in an
"infinite" loop is a DDoS for you? 
-- 
Name: Levent Kayan
E-Mail: levent () corehack org
GPG key: 
0xd6794965
Key fingerprint:
FD20 03C3 DD7F 51BB 224F  F11E 0855 23C8 D679 4965
Website:
http://www.corehack.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Youness Alaoui (Apr 22)
- Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Ismail Dönmez (Apr 22)
- Message not available
  - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Levent Kayan (Apr 22)
    - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Ismail Dönmez (Apr 22)
    - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Ferdinand Klinzer (Apr 23)
    - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Levent Kayan (Apr 23)