SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Instant Messaging/IRC/Chat)  >   Chat Anywhere Vendors:   LionMax Software
Chat Anywhere Can Be Crashed By Remote Users With Specially Crafted Username
SecurityTracker Alert ID:  1011080
SecurityTracker URL:  http://securitytracker.com/id/1011080
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Aug 27 2004
Impact:   Denial of service via network
Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2.72a
Description:   Donato Ferrante reported a vulnerability in Chat Anywhere. A remote user can cause the chat service to crash.

It is reported that the server does not properly manage fake user accounts. A remote user can connect to the service and supply a specially crafted username beginning with a '%' character and followed by a null character and arbitrary characters. This will cause the chat service to crash and cause the connected clients to consume CPU resources.

Some demonstration exploits are available at:

http://www.autistici.org/fdonato/poc/ChatAnywhere[272a]DoS-poc.zip

http://aluigi.altervista.org/poc/chatanydos.zip

The vendor was originally notified on December 4, 2003 by Luigi Auriemma.

Impact:   A remote user can cause the target chat service to crash.
Solution:   No solution was available at the time of this entry. The vendor is reportedly planning to issue a fix in the next release. Until that time, the vendor recommends that you add password protection to protect the chat room.
Vendor URL:  www.lionmax.com/chatanywhere.htm (Links to External Site)
Cause:   Exception handling error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  DoS in Chat Anywhere 2.72a



                           Donato Ferrante


Application:  Chat Anywhere
              http://www.lionmax.com/chatanywhere.htm

Version:      2.72a

Bug:          Denial Of Service

Date:         27-Aug-2004

Authors:      
              Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato

              Luigi Auriemma
              e-mail: aluigi@autistici.org
              web:    aluigi.altervista.org



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Chat Anywhere is a Web-based chat server for real-time chatting.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The chat server is unable to manage fake users.
So an attacker can crash the chat server and also consume a lot of CPU
resources to all the real clients connected, by using fake users.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability:


http://www.autistici.org/fdonato/poc/ChatAnywhere[272a]DoS-poc.zip

or:

http://aluigi.altervista.org/poc/chatanydos.zip



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

The bug was initially found on 4 Dec 2003 in the version 2.72,
and reported to the vendor by Luigi Auriemma, but the vendor probably
forgot to fix it.
So the vendor was contacted for the same bug in the next version 2.72a,
and now the vendor is planning to fix the bug in the next release.
In the meantime vendor recommends to add password protection to protect
the chat room.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC