Freeze in Pigeon Server 3.02.0143

From: Luigi Auriemma (aluigi_at_autistici.org)
Date: 09/16/04

Next message: Boren, Rich (SSRT): "[security bulletin] SSRT4739 rev.0 HP WebJetadmin arbitrary command execution"

Previous message: Harrison Gladden: "Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 16 Sep 2004 18:28:42 +0000
To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.netsys.com, vuln@secunia.com

#######################################################################

Luigi Auriemma

Application: Pigeon Server
              http://www.tech-noel.com
Versions: <= 3.02.0143
Platforms: Windows
Bug: freeze
Risk: medium
Exploitation: remote, versus server
Date: 16 September 2004
Author: Luigi Auriemma
              e-mail: aluigi@altervista.org
              web: http://aluigi.altervista.org

#######################################################################

1) Introduction
2) Bug
3) The Code
4) Fix

#######################################################################

===============
1) Introduction
===============

Pigeon is a communication system for LANs and uses a clients-server
architecture.

#######################################################################

======
2) Bug
======

A login field longer than 8180 chars sent to the port 3103 causes the
immediate freeze of the Pigeon server that enters in an infinite loop,
so CPU raises at 100% and is impossible to login and to send/receive
messages.

#######################################################################

===========
3) The Code
===========

http://aluigi.altervista.org/poc/pigeonx.zip

#######################################################################

======
4) Fix
======

Version 3.03.146:

ftp://ftp.tech-noel.com/PigeonServerUpd.exe

#######################################################################

---
Luigi Auriemma
http://aluigi.altervista.org

Next message: Boren, Rich (SSRT): "[security bulletin] SSRT4739 rev.0 HP WebJetadmin arbitrary command execution"

Previous message: Harrison Gladden: "Re: Vulnerability in IBM Windows XP: default hidden Administrator account allows local Administrator access"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[Full-Disclosure] Freeze in Pigeon Server 3.02.0143
... Application: Pigeon Server ... Bug ... Fix ... A login field longer than 8180 chars sent to the port 3103 causes the ...
(Full-Disclosure)
Freeze in Pigeon Server 3.02.0143
... Application: Pigeon Server ... Bug ... Fix ... A login field longer than 8180 chars sent to the port 3103 causes the ...
(Full-Disclosure)