Chat Anywhere Can Be Crashed By Remote Users With Specially Crafted Username
|
|
SecurityTracker Alert ID: 1011080
|
|
SecurityTracker URL: http://securitytracker.com/id?1011080
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Aug 27 2004
|
Impact: Denial of service via network
|
Exploit Included: Yes
Vendor Confirmed: Yes
|
Version(s): 2.72a
|
Description: Donato Ferrante reported a vulnerability in Chat Anywhere. A remote user can cause the chat service to crash.
It is reported that the server does not properly manage fake user accounts. A remote user can connect to the service and supply
a specially crafted username beginning with a '%' character and followed by a null character and arbitrary characters. This will
cause the chat service to crash and cause the connected clients to consume CPU resources.
Some demonstration exploits are available
at:
http://www.autistici.org/fdonato/poc/ChatAnywhere[272a]DoS-poc.zip
http://aluigi.altervista.org/poc/chatanydos.zip
The
vendor was originally notified on December 4, 2003 by Luigi Auriemma.
|
Impact: A remote user can cause the target chat service to crash.
|
Solution: No solution was available at the time of this entry. The vendor is reportedly planning to issue a fix in the next release. Until that time, the vendor recommends that you add password protection to protect the chat room.
|
Vendor URL: www.lionmax.com/chatanywhere.htm (Links to External Site)
|
Cause: Exception handling error, Input validation error
|
Underlying OS: Windows (Any)
|
Reported By: "Donato Ferrante" <fdonato@autistici.org>
|
Message History:
None.
|
Source Message Contents
|
Date: Fri, 27 Aug 2004 17:36:22 -0000
From: "Donato Ferrante" <fdonato@autistici.org>
Subject: DoS in Chat Anywhere 2.72a
|
Donato Ferrante
Application: Chat Anywhere
http://www.lionmax.com/chatanywhere.htm
Version: 2.72a
Bug: Denial Of Service
Date: 27-Aug-2004
Authors:
Donato Ferrante
e-mail: fdonato@autistici.org
web: www.autistici.org/fdonato
Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.altervista.org
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Chat Anywhere is a Web-based chat server for real-time chatting.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The chat server is unable to manage fake users.
So an attacker can crash the chat server and also consume a lot of CPU
resources to all the real clients connected, by using fake users.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability:
http://www.autistici.org/fdonato/poc/ChatAnywhere[272a]DoS-poc.zip
or:
http://aluigi.altervista.org/poc/chatanydos.zip
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
The bug was initially found on 4 Dec 2003 in the version 2.72,
and reported to the vendor by Luigi Auriemma, but the vendor probably
forgot to fix it.
So the vendor was contacted for the same bug in the next version 2.72a,
and now the vendor is planning to fix the bug in the next release.
In the meantime vendor recommends to add password protection to protect
the chat room.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
