SecurityTracker.com
Category:   Application (Instant Messaging/IRC/Chat)  >   Flash Messaging System
Vendors:   Jera Technology
Flash Messaging System Input Validation Flaw Lets Remote Users Crash the Service
SecurityTracker Alert ID:  1011569
SecurityTracker URL:  http://securitytracker.com/id/1011569
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 7 2004
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 5.2.0g (rev 1.1.2) and prior versions
Description:   Luigi Auriemma reported a vulnerability in the Flash Messaging System. A remote user can cause the service to crash.

It is reported that the server does not properly handle certain characters. A remote user can send a specially crafted message to the target server to cause the service to crash.

It is also reported that a modified client can ignore the shutdown command sent by the server, enabling the client to continue chatting.

A demonstration exploit is available at:

http://aluigi.altervista.org/poc/flashmsg.zip

The vendor was notified without response.

Impact:   A remote user can cause the target service to crash.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.flashmessage.com/
Cause:   Exception handling error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.
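
An added example (not from the advisory, the proof-of-concept or the vendor's code) of the two server-side controls the report points to: strict decoding of 16-bit input with a malformed frame costing only that connection, and a kick that closes the socket instead of relying on the client to obey. The frame layout, the `CMD` text, the size cap and all names are assumptions; the advisory does not say which characters trigger the crash.

```python
import socket
MAX_FRAME = 4096  # assumed per-message byte cap (not from the advisory)

def decode_frame(raw: bytes) -> str:
    """Strictly decode one UTF-16LE frame; ValueError on anything malformed."""
    if not raw or len(raw) > MAX_FRAME or len(raw) % 2:
        raise ValueError("bad frame length")
    try:
        return raw.decode("utf-16-le", errors="strict")  # rejects lone surrogates
    except UnicodeDecodeError as exc:
        raise ValueError("malformed UTF-16") from exc

class Session:
    def __init__(self, conn: socket.socket):
        self.conn, self.open = conn, True

    def kick(self, reason: str) -> None:
        """Send the courtesy command, then end the session server-side."""
        try:
            self.conn.sendall(f"CMD {reason}".encode("utf-16-le"))
        except OSError:
            pass  # client already gone; still close below
        self.conn.close()  # enforcement does not depend on the client obeying
        self.open = False

    def handle(self, raw: bytes):
        """Return text to relay, or None if the client is (or gets) dropped."""
        if not self.open:
            return None
        try:
            return decode_frame(raw)
        except ValueError:
            self.kick("protocol-error")  # one bad client, not a server crash
            return None

def demo():
    server_side, client = socket.socketpair()
    session = Session(server_side)
    relayed = session.handle("hello".encode("utf-16-le"))
    dropped = session.handle(b"\x00\xd8")  # constructed malformed frame
    received = b""
    while chunk := client.recv(64):  # loop ends only at EOF: socket was closed
        received += chunk
    client.close()
    return relayed, dropped, received.decode("utf-16-le"), session.open

if __name__ == "__main__":
    print(demo())
```

The client in `demo()` never acts on the command it receives; it is still disconnected, because the read loop ends only when the server has closed the socket.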


 Source Message Contents

Subject:  Server crash in Flash Messaging 5.2.0g



#######################################################################

                             Luigi Auriemma

Application:  Flash Messaging
              http://www.flashmessage.com
Versions:     <= 5.2.0g (rev 1.1.2)
Platforms:    Windows
Bugs:         - server crash
              - unkickable clients
Exploitation: remote, versus server
Date:         07 October 2004
Author:       Luigi Auriemma
              e-mail: aluigi@altervista.org
              web:    http://aluigi.altervista.org


#######################################################################


1) Introduction
2) Bugs
3) The Code
4) Fix


#######################################################################

===============
1) Introduction
===============


Flash Messaging is an instant messenger for Windows and uses a
client-server architecture.


#######################################################################

=======
2) Bugs
=======


The network data exchanged between server and clients is composed of
wide chars (16 bits) and the server is not able to handle some of these
chars; the result is the immediate crash of the server.

Another bug (but very minor, just a joke) is that the shutdown command
(and any other available command) that the server can send to users to
immediately terminate their clients is only a command that can be
easily ignored; in fact the connection will not be interrupted, so the
modified clients can continue to stay connected and to chat without
problems.


#######################################################################

===========
3) The Code
===========


  http://aluigi.altervista.org/poc/flashmsg.zip

This proof-of-concept can also act as a client emulator and data
decoder, so it is possible to see any raw data sent by the server and
moreover to test the "unkickable clients" problem I showed before.


#######################################################################

======
4) Fix
======


No fix.
No reply from the vendor.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.altervista.org
 
 

