Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16816
HistoryApr 22, 2007 - 12:00 a.m.

Re: [Full-disclosure] [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability

2007-04-2200:00:00
vulners.com
19
JSON

On Sun, Apr 22, 2007 at 05:41:25PM +0200, Sebastian Rother wrote:
> On Sun, 22 Apr 2007 01:32:35 -0400
> [email protected] (Youness Alaoui) wrote:
>
> > Hi,
> >
> > I'm a developer and admin of the aMSN project, someone just sent me this link
> > ( http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/053912.html ).
> >
> > I just grepped in the source code and that port (31337) is not used by aMSN, it could be a port used for a
> > profile (as a locking system), in which case the port is randomly chosen each time, so this is probably just a
> > fluke, he found the port of his current aMSN instance and used it.
> >
> > As I don't have more info, I can't really test this bug and find the real cause and fix it, so it would be nice
> > to have more info about this.
> >
> > Seeing how the user replied on the "Vendor contacted?" tag, I wonder if I can get any more info on this matter.
> >
> > Thanks,
> > KaKaRoTo
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

31337 is just an example port! aMSN is binding an ephermal port after you've
started it. Just do a netstat -an and look for ephermal ports. If you get the
aMSN port you can connect to it and sending some characters and you'll get
replies by aMSN.
If you send an '{' or '}' character to that amsn port, you'll notice
that aMSN is reporting an error message (amsn window).
But if you going to send more than one character of '}' or '{'
it will be killed. Yes, the whole client!

To "Ismail Soenmez": What about "DDoS"? Sending characters to that port in an
"infinite" loop is a DDoS for you?

Name: Levent Kayan
E-Mail: [email protected]
GPG key:
0xd6794965
Key fingerprint:
FD20 03C3 DD7F 51BB 224F F11E 0855 23C8 D679 4965
Website:
http://www.corehack.org/

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON