Full Disclosure mailing list archives
Re: [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability
From: Ferdinand Klinzer <Klinzer () gmx de>
Date: Mon, 23 Apr 2007 10:11:38 +0200
But that sounds funny levent_, but still you are a 31337 hacker pz :)

On 22.04.2007 at 17:51, Levent Kayan wrote:
On Sun, Apr 22, 2007 at 05:41:25PM +0200, Sebastian Rother wrote:

On Sun, 22 Apr 2007 01:32:35 -0400 kakaroto () kakaroto homelinux net (Youness Alaoui) wrote:

Hi,

I'm a developer and admin of the aMSN project, someone just sent me this link ( http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053912.html ). I just grepped in the source code and that port (31337) is not used by aMSN; it could be a port used for a profile (as a locking system), in which case the port is randomly chosen each time, so this is probably just a fluke: he found the port of his current aMSN instance and used it. As I don't have more info, I can't really test this bug and find the real cause and fix it, so it would be nice to have more info about this. Seeing how the user replied on the "Vendor contacted?" tag, I wonder if I can get any more info on this matter.

Thanks,
KaKaRoTo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

31337 is just an example port! aMSN is binding an ephemeral port after you've started it. Just do a netstat -an and look for ephemeral ports. If you get the aMSN port you can connect to it and send some characters and you'll get replies from aMSN. If you send a '{' or '}' character to that aMSN port, you'll notice that aMSN is reporting an error message (aMSN window). But if you are going to send more than one '}' or '{' character, it will be killed. Yes, the whole client!

To "Ismail Soenmez": What about "DDoS"? Sending characters to that port in an "infinite" loop is a DDoS for you?

-- 
Name: Levent Kayan
E-Mail: levent () corehack org
GPG key: 0xd6794965
Key fingerprint: FD20 03C3 DD7F 51BB 224F F11E 0855 23C8 D679 4965
Website: http://www.corehack.org/
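Added example, not code from this thread or from the aMSN project: a small Python instance-lock listener of the kind Levent describes, written so that it binds to loopback only, bounds what it reads, and checks brace balance before acting, so a stray '{' or '}' gets an error reply instead of taking the whole process down. The PING/PONG command, the MAX_LINE bound and all function names are assumptions for illustration.

```python
import socket
import threading

# Constructed example, not aMSN code: treat the lock socket as untrusted input.
MAX_LINE = 1024  # assumed request-size bound

def is_balanced(data: bytes) -> bool:
    """True if every '{' has a matching '}' and no '}' closes early."""
    depth = 0
    for b in data:
        if b == ord("{"):
            depth += 1
        elif b == ord("}"):
            depth -= 1
            if depth < 0:
                return False
    return depth == 0

def handle_line(line: bytes) -> bytes:
    """Validate one request; always returns a reply, never raises."""
    if len(line) > MAX_LINE:
        return b"ERR too long\n"
    if not is_balanced(line):
        return b"ERR unbalanced braces\n"
    try:
        text = line.decode("ascii").strip()
    except UnicodeDecodeError:
        return b"ERR not ascii\n"
    if text == "PING":  # assumed lock-check command
        return b"PONG\n"
    return b"ERR unknown command\n"

def serve_once(port: int = 0) -> int:
    """Bind loopback only (not 0.0.0.0) on an ephemeral port; serve one client."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", port))
    srv.listen(1)
    def run():
        conn, _ = srv.accept()
        with srv, conn:
            conn.settimeout(2.0)
            data = conn.recv(MAX_LINE + 1)  # bounded read
            conn.sendall(handle_line(data))
    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]

def probe(port: int, payload: bytes) -> bytes:
    # client helper: send one payload to the listener and return its reply
    with socket.create_connection(("127.0.0.1", port), timeout=2.0) as c:
        c.sendall(payload)
        return c.recv(64)
```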