lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041112205243.35a414fd.aluigi@autistici.org> Date: Fri, 12 Nov 2004 20:52:43 +0000 From: Luigi Auriemma <aluigi@...istici.org> To: bugtraq@...urityfocus.com, bugs@...uritytracker.com, news@...uriteam.com, full-disclosure@...ts.netsys.com, vuln@...unia.com Subject: Crash in Secure Network Messenger 1.4.2 ####################################################################### Luigi Auriemma Application: Secure Network Messenger http://www.networkmessengers.com/msg/ Versions: <= 1.4.2 Platforms: Windows Bug: crash Exploitation: remote Date: 12 November 2004 Author: Luigi Auriemma e-mail: aluigi@...ervista.org web: http://aluigi.altervista.org ####################################################################### 1) Introduction 2) Bug 3) The Code 4) Fix ####################################################################### =============== 1) Introduction =============== Secure Network Messenger is a LAN messenger for Windows for exchanging encrypted messages and files. ####################################################################### ====== 2) Bug ====== Is possible to crash the program sending malformed data. ####################################################################### =========== 3) The Code =========== Launch a telnet client and connect to the victim host on port 6144. Now press RETURN about 10 times or more. Disconnect, reconnect again and press RETURN. The remote host should be crashed. ####################################################################### ====== 4) Fix ====== No fix. Over one month ago the developers said that they had to fix this bug soon... no patch has been released yet. ####################################################################### --- Luigi Auriemma http://aluigi.altervista.org
Powered by blists - more mailing lists