| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Apr 2007 16:18:05 +0200
From: Levent Kayan <levent@...ehack.org>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Amsn-devel] aMSN <= 0.96 remote DoS
vulnerability
On Mon, Apr 23, 2007 at 10:11:38AM +0200, Ferdinand Klinzer wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> But that sound funny levent_ but still you are 31337 hacker
> pz
> :)
>
>
> Am 22.04.2007 um 17:51 schrieb Levent Kayan:
>
> > On Sun, Apr 22, 2007 at 05:41:25PM +0200, Sebastian Rother wrote:
> >> On Sun, 22 Apr 2007 01:32:35 -0400
> >> kakaroto@...aroto.homelinux.net (Youness Alaoui) wrote:
> >>
> >>> Hi,
> >>>
> >>> I'm a developer and admin of the aMSN project, someone just sent
> >>> me this link
> >>> ( http://lists.grok.org.uk/pipermail/full-disclosure/2007-April/
> >>> 053912.html ).
> >>>
> >>> I just grepped in the source code and that port (31337) is not
> >>> used by aMSN, it could be a port used for a
> >>> profile (as a locking system), in which case the port is randomly
> >>> chosen each time, so this is probably just a
> >>> fluke, he found the port of his current aMSN instance and used it.
> >>>
> >>> As I don't have more info, I can't really test this bug and find
> >>> the real cause and fix it, so it would be nice
> >>> to have more info about this.
> >>>
> >>> Seeing how the user replied on the "Vendor contacted?" tag, I
> >>> wonder if I can get any more info on this matter.
> >>>
> >>> Thanks,
> >>> KaKaRoTo
> >>>
> >>> _______________________________________________
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >
> > 31337 is just an example port! aMSN is binding an ephermal port
> > after you've
> > started it. Just do a netstat -an and look for ephermal ports. If
> > you get the
> > aMSN port you can connect to it and sending some characters and
> > you'll get
> > replies by aMSN.
> > If you send an '{' or '}' character to that amsn port, you'll notice
> > that aMSN is reporting an error message (amsn window).
> > But if you going to send more than one character of '}' or '{'
> > it will be killed. Yes, the whole client!
> >
> > To "Ismail Soenmez": What about "DDoS"? Sending characters to that
> > port in an
> > "infinite" loop is a DDoS for you?
> > --
> > Name: Levent Kayan
> > E-Mail: levent@...ehack.org
> > GPG key:
> > 0xd6794965
> > Key fingerprint:
> > FD20 03C3 DD7F 51BB 224F F11E 0855 23C8 D679 4965
> > Website:
> > http://www.corehack.org/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.3 (Darwin)
>
> iD8DBQFGLGo7ivpgT1glX4cRAl27AKDWqRE2UC1MA+gATnzPdzni7In0HwCeIuv8
> hDQvRnyvcsG4ap6rg9zns40=
> =hscD
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
y0 bart ;-P hehe, indeed :P kinda stupid bug *spitting*
--
Name: Levent Kayan
E-Mail: levent@...ehack.org
GPG key:
0xd6794965
Key fingerprint:
FD20 03C3 DD7F 51BB 224F F11E 0855 23C8 D679 4965
Website:
http://www.corehack.org/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists