[Full-Disclosure] DoS in Chat Anywhere 2.72a

From: Donato Ferrante (fdonato_at_autistici.org)
Date: 08/27/04

    To: <full-disclosure@lists.netsys.com>
    Date: Fri, 27 Aug 2004 17:33:48 -0000
    
    

                               Donato Ferrante

    Application: Chat Anywhere
                  http://www.lionmax.com/chatanywhere.htm

    Version: 2.72a

    Bug: Denial Of Service

    Date: 27-Aug-2004

    Authors:
                  Donato Ferrante
                  e-mail: fdonato@autistici.org
                  web: www.autistici.org/fdonato

                  Luigi Auriemma
                  e-mail: aluigi@autistici.org
                  web: aluigi.altervista.org

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    1. Description
    2. The bug
    3. The code
    4. The fix

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ----------------
    1. Description:
    ----------------

    Chat Anywhere is a Web-based chat server for real-time chatting.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    2. The bug:
    ------------

    The chat server does not handle fake users correctly.
    An attacker can therefore use fake users to crash the chat server and
    also to consume a lot of CPU resources on all the real clients
    connected.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    -------------
    3. The code:
    -------------

    To test the vulnerability:

    http://www.autistici.org/fdonato/poc/ChatAnywhere[272a]DoS-poc.zip

    or:

    http://aluigi.altervista.org/poc/chatanydos.zip

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    4. The fix:
    ------------

    The bug was initially found on 4 Dec 2003 in version 2.72 and
    reported to the vendor by Luigi Auriemma, but the vendor probably
    forgot to fix it.
    The vendor was then contacted about the same bug in the next version,
    2.72a, and is now planning to fix it in the next release.
    In the meantime, the vendor recommends adding password protection to
    the chat room.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
