Full Disclosure mailing list archives

Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability

From: Ferdinand Klinzer <Klinzer () gmx de>
Date: Mon, 23 Apr 2007 10:11:38 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

But that sound funny levent_ but still you are 31337 hacker
pz
:)


Am 22.04.2007 um 17:51 schrieb Levent Kayan:

On Sun, Apr 22, 2007 at 05:41:25PM +0200, Sebastian Rother wrote:

On Sun, 22 Apr 2007 01:32:35 -0400
kakaroto () kakaroto homelinux net (Youness Alaoui) wrote:

Hi,

I'm a developer and admin of the aMSN project, someone just sent  
me this link
( http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/ 
053912.html ).

I just grepped in the source code and that port (31337) is not  
used by aMSN, it could be a port used for a
profile (as a locking system), in which case the port is randomly  
chosen each time, so this is probably just a
fluke, he found the port of his current aMSN instance and used it.

As I don't have more info, I can't really test this bug and find  
the real cause and fix it, so it would be nice
to have more info about this.

Seeing how the user replied on the "Vendor contacted?" tag, I  
wonder if I can get any more info on this matter.

Thanks,
KaKaRoTo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


31337 is just an example port! aMSN is binding an ephermal port  
after you've
started it. Just do a netstat -an and look for ephermal ports. If  
you get the
aMSN port you can connect to it and sending some characters and  
you'll get
replies by aMSN.
If you send an '{' or '}' character to that amsn port, you'll notice
that aMSN is reporting an error message (amsn window).
But if you going to send more than one character of '}' or '{'
it will be killed. Yes, the whole client!

To "Ismail Soenmez": What about "DDoS"? Sending characters to that  
port in an
"infinite" loop is a DDoS for you?
-- 
Name: Levent Kayan
E-Mail: levent () corehack org
GPG key:
0xd6794965
Key fingerprint:
FD20 03C3 DD7F 51BB 224F  F11E 0855 23C8 D679 4965
Website:
http://www.corehack.org/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (Darwin)

iD8DBQFGLGo7ivpgT1glX4cRAl27AKDWqRE2UC1MA+gATnzPdzni7In0HwCeIuv8
hDQvRnyvcsG4ap6rg9zns40=
=hscD
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Youness Alaoui (Apr 22)
- Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Ismail Dönmez (Apr 22)
- Message not available
  - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Levent Kayan (Apr 22)
    - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Ismail Dönmez (Apr 22)
    - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Ferdinand Klinzer (Apr 23)
    - Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability Levent Kayan (Apr 23)