Server crash in Flash Messaging 5.2.0g

From: Luigi Auriemma (aluigi_at_autistici.org)
Date: 10/07/04

    Date: Thu, 7 Oct 2004 18:35:20 +0000
    To: bugtraq@securityfocus.com, bugs@securitytracker.com, news@securiteam.com, full-disclosure@lists.netsys.com, vuln@secunia.com


    #######################################################################

                                 Luigi Auriemma

    Application:  Flash Messaging
                  http://www.flashmessage.com
    Versions:     <= 5.2.0g (rev 1.1.2)
    Platforms:    Windows
    Bugs:         - server crash
                  - unkickable clients
    Exploitation: remote, versus server
    Date:         07 October 2004
    Author:       Luigi Auriemma
                  e-mail: aluigi@altervista.org
                  web:    http://aluigi.altervista.org

    #######################################################################

    1) Introduction
    2) Bugs
    3) The Code
    4) Fix

    #######################################################################

    ===============
    1) Introduction
    ===============

    Flash Messaging is an instant messenger for Windows that uses a
    client-server architecture.

    #######################################################################

    =======
    2) Bugs
    =======

    The network data exchanged between server and clients consists of
    wide (16-bit) characters, and the server is not able to handle some
    of these characters; the result is an immediate crash of the server.
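    The advisory does not say which 16-bit characters the server mishandles. As an added example, not taken from the advisory or from Flash Messaging, this is the kind of check a server should run on untrusted wide-char input before decoding it or treating it as a string: it rejects the malformed sequences a naive 16-bit decoder typically stumbles on. The function names and the assumption that the wire format is UTF-16LE are mine.

```c
#include <stddef.h>
#include <stdint.h>

/* Check an untrusted UTF-16LE buffer before any decoding or string
 * handling. Returns the number of code points if well-formed, else -1
 * and (optionally) the byte offset of the first problem in *bad_off.
 * Rejected: odd byte length, lone or reversed surrogates, and embedded
 * NUL code units (which silently truncate wchar_t strings).
 * Hypothetical helper written for this note, not the vendor's code. */
long utf16le_check(const uint8_t *buf, size_t len, size_t *bad_off)
{
    long count = 0;
    size_t i = 0;

    if (len % 2 != 0) {                      /* dangling half code unit */
        if (bad_off) *bad_off = len - 1;
        return -1;
    }
    while (i < len) {
        uint16_t u = (uint16_t)(buf[i] | (buf[i + 1] << 8));

        if (u == 0 || (u >= 0xDC00 && u <= 0xDFFF)) {
            /* embedded NUL, or a low surrogate with no preceding high */
            if (bad_off) *bad_off = i;
            return -1;
        }
        if (u >= 0xD800 && u <= 0xDBFF) {    /* high surrogate: needs a low */
            if (i + 2 >= len) {              /* buffer ends mid-pair */
                if (bad_off) *bad_off = i;
                return -1;
            }
            uint16_t lo = (uint16_t)(buf[i + 2] | (buf[i + 3] << 8));
            if (lo < 0xDC00 || lo > 0xDFFF) {
                if (bad_off) *bad_off = i + 2;
                return -1;
            }
            i += 4;
        } else {
            i += 2;
        }
        count++;
    }
    return count;
}

/* Convenience wrapper: offset of the first bad byte, or (size_t)-1 if clean. */
size_t utf16le_bad_offset(const uint8_t *buf, size_t len)
{
    size_t off = (size_t)-1;
    return utf16le_check(buf, len, &off) < 0 ? off : (size_t)-1;
}
```

A server that validates in this way can drop the offending message (and log the peer) instead of handing unchecked 16-bit data to its string routines.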

    Another bug (very minor, more of a joke) is that the shutdown command
    (and any other available command) that the server can send to users
    to immediately terminate their clients is just a command, and one
    that can be easily ignored: the connection is not interrupted, so a
    modified client can stay connected and keep chatting without
    problems.

    #######################################################################

    ===========
    3) The Code
    ===========

      http://aluigi.altervista.org/poc/flashmsg.zip

    This proof-of-concept can also act as a client emulator and data
    decoder, so it is possible to see any raw data sent by the server
    and, moreover, to test the "unkickable clients" problem described
    above.

    #######################################################################

    ======
    4) Fix
    ======

    No fix.
    No reply from the vendor.

    #######################################################################

    ---
    Luigi Auriemma
    http://aluigi.altervista.org
