SecurityTracker.com Archives - Bird Chat Clients Can Be Crashed By a Remote User

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Instant Messaging/IRC/Chat) > Bird Chat

Vendors: birdchat.sourceforge.net

Bird Chat Clients Can Be Crashed By a Remote User

SecurityTracker Alert ID: 1011029

SecurityTracker URL: http://securitytracker.com/id?1011029

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Aug 23 2004

Impact: Denial of service via network

Exploit Included: Yes

Version(s): 1.61

Description: Donato Ferrante reported a vulnerability in Bird Chat. A remote user can cause denial of service conditions.

It is reported that a remote user can create some fake users and connect to the target server to cause all connected chat clients to crash.

A demonstration exploit is available at:

http://www.autistici.org/fdonato/poc/BirdChat[161]DoS-poc.zip

The vendor has reportedly been notified without response.

Impact: A remote user can cause all connected chat clients to crash.

Solution: No solution was available at the time of this entry.

Vendor URL: birdchat.sourceforget.net/ (Links to External Site)

Cause: Exception handling error

Underlying OS: Windows (Any)

Reported By: "Donato Ferrante" <fdonato@autistici.org>

Message History: None.

Source Message Contents

Date: Mon, 23 Aug 2004 12:48:28 -0000
From: "Donato Ferrante" <fdonato@autistici.org>
Subject: DoS in Bird Chat 1.61

 
 
 
                           Donato Ferrante
 
 
Application:  Bird Chat
              http://birdchat.sourceforge.net/
 
Version:      1.61
 
Bug:          Denial Of Service
 
Date:         23-Aug-2004
 
Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato
 
 
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
1. Description
2. The bug
3. The code
4. The fix
 
 
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
----------------
1. Description:
----------------
 
Vendor's Description:
 
"Bird Chat is a chat client / server software designed with an easy
and simple interface."
 
 
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
------------
2. The bug:
------------
 
The bug is a denial of service versus clients, in fact an attacker
can crash all the chat clients connected to the chat server, by
using few fake users.
 
 
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-------------
3. The code:
-------------
 
To test the vulnerability:
 
http://www.autistici.org/fdonato/poc/BirdChat[161]DoS-poc.zip
 
 
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
------------
4. The fix:
------------
 
No fix.
The vendor has not answered to my signalations.
 
 
 
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2004, SecurityGlobal.net LLC