DoS in Webbsyte Chat 0.9.0

From: Donato Ferrante (fdonato_at_autistici.org)
Date: 08/03/04

    Date: Tue, 3 Aug 2004 12:19:48 -0000
    To: <bugtraq@securityfocus.com>
    
    

                               Donato Ferrante

    Application: Webbsyte Chat
                  http://sourceforge.net/projects/wchat/

    Version: 0.9.0

    Bug: Denial Of Service

    Date: 02-Aug-2004

    Author: Donato Ferrante
                  e-mail: fdonato@autistici.org
                  web: www.autistici.org/fdonato

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    1. Description
    2. The bug
    3. The code
    4. The fix

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ----------------
    1. Description:
    ----------------

    Vendor's Description:

    "Webbsyte Chat lets you keep in touch with people all around the
    world!"

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    2. The bug:
    ------------

    The chat server doesn't correctly handle raw requests; it will crash
    with the following error:

    "Run-time error '40006':
    Wrong protocol or connection state for the requested transaction or
    request"

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    -------------
    3. The code:
    -------------

    To test the vulnerability:

    establish about 40 raw connections (like telnet) with the chat server.
    NOTE: 40 is the maximum number of connections needed to test this bug.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ------------
    4. The fix:
    ------------

    Vendor was contacted.
    The program is no longer supported.

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

