| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20051109000140.29652.qmail@securityfocus.com> Date: 9 Nov 2005 00:01:40 -0000 From: natalylopez380@...mail.com To: bugtraq@...urityfocus.com Subject: New Bug KESM in GoogleTalk Hi!! My name is Nataly Lopez, I'm a 17 years old girl living in Venezuela; I have always loved computer security because that's also my father's work. Well, the reason for me to post this is for telling you about a bug in Google Talk I discovered with my friend chris77 (#velug @ irc.freenode.net) this afternoon. Google Talk's excellent features allow the user to know when contacts send mails without configuring any passports, etc., well, you know that. What's really funny is: one can generate remote errors in the users' systems connected to Google Talk, and thus creating a kind of DoS. So Google Talk stops working if it has email notification enabled: it suffices to type this command in a Linux shell (nail must be installed of course): echo kill | nail -s Kill -r "" victim@...il.com This instruction is quite simple, and will send an email to the user being connected to Google Talk from a certain "unknown sender", and as you can see, GoogleTalk Windows client cannot notify <> is sending an email. Therefore, an error windows appears on screen: [ Google Talk encountered an internal error, and must now close. Ok to report this error to Google? ] [Yes] [No] We called this bug KESM, which stands for "Killer Empty Sender Message" :) and one can easily implement it into a loop, keeping the victim busy clicking on the YES button and resetting his connection to Google Talk. That's all for now folks :-)
Powered by blists - more mailing lists