Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

DoS in Bird Chat 1.61

from [Donato Ferrante] Network Security [Permanent Link]
Subject: DoS in Bird Chat 1.61
Date: Mon, 23 Aug 2004 12:49:50 -0000 

                           Donato Ferrante


Application:  Bird Chat
              http://birdchat.sourceforge.net/

Version:      1.61

Bug:          Denial Of Service

Date:         23-Aug-2004

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Bird Chat is a chat client / server software designed with an easy
and simple interface."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The bug is a denial of service versus clients, in fact an attacker
can crash all the chat clients connected to the chat server, by
using few fake users.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability:

http://www.autistici.org/fdonato/poc/BirdChat[161]DoS-poc.zip



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

No fix.
The vendor has not answered to my signalations.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • DoS in Bird Chat 1.61, Donato Ferrante <=
Previous by Date:  MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit, Tal0n
Next by Date:  Re: Fwd: Re: Posible security bug in phpMyWebhosting, Matias Neiff
Previous by Thread:  MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit, Tal0n
Next by Thread:  Multiple Cross Site Scripting Vulnerabilities in eGroupWare, Joxean Koret
Indexes:  [Date] [Thread] [Top] [All Lists]