SecurityTracker.com Archives - PopMessenger Can Be Crashed By Remote Users With Specially Crafted Messages

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Instant Messaging/IRC/Chat) > PopMessenger

Vendors: LeadMind Development

PopMessenger Can Be Crashed By Remote Users With Specially Crafted Messages

SecurityTracker Alert ID: 1011382

SecurityTracker URL: http://securitytracker.com/id?1011382

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Sep 22 2004

Impact: Denial of service via network

Fix Available: Yes Exploit Included: Yes Vendor Confirmed: Yes

Version(s): 1.60 (before 20 Sep 2004) and prior versions

Description: Luigi Auriemma reported a vulnerability in PopMessenger. A remote user can cause the application to crash.

It is reported that a remote user can send a message with illegal Base64 characters (such as '%' or '_') approximately 15 times to cause the application to crash.

Demonstration exploit code is available at:

http://aluigi.altervista.org/poc/popmsgboom.zip

Impact: A remote user can cause the target application to crash.

Solution: The vendor has released a fix, but did not increment the product version number from 1.60. Copies downloaded after September 20, 2004 include the fix.

Vendor URL: www.leadmind.com/ (Links to External Site)

Cause: Exception handling error, Input validation error

Underlying OS: Windows (Any)

Reported By: Luigi Auriemma <aluigi@autistici.org>

Message History: None.

Source Message Contents

Date: Tue, 21 Sep 2004 18:48:31 +0000
From: Luigi Auriemma <aluigi@autistici.org>
Subject: Broadcast crash in Popmessenger 1.60 (before 20 Sep 2004)

 
 
 
#######################################################################
 
                             Luigi Auriemma
 
Application:  PopMessenger
              http://www.leadmind.com
Versions:     <= 1.60 (before 20 Sep 2004)
Platforms:    Windows
Bug:          crash
Risk:         medium
Exploitation: remote (broadcast)
Date:         21 September 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org
 
 
#######################################################################
 
 
1) Introduction
2) Bug
3) The Code
4) Fix
 
 
#######################################################################
 
===============
1) Introduction
===============
 
 
PopMessenger is a LAN messenger for Windows with some features.
 
 
#######################################################################
 
======
2) Bug
======
 
 
The messages exchanged with this program are encrypted with the
Blowfish algorithm and then converted to plain-text with Base64.
 
The problem is located just in the Base64 function because the program
shows an alert dialog if there are illegal chars in a message (like %
or _).
After about 15 consecutive dialogs the program definitely crashs.
 
 
#######################################################################
 
===========
3) The Code
===========
 
 
http://aluigi.altervista.org/poc/popmsgboom.zip
 
 
#######################################################################
 
======
4) Fix
======
 
 
The vendor has released a new version without changing the version
number (1.60).
All the programs downloaded after the 20 September 2004 are not
vulnerable.
 
 
#######################################################################
 
 
--- 
Luigi Auriemma
http://aluigi.altervista.org

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2004, SecurityGlobal.net LLC