easy12.txt

easy12.txt: Posted Jul 2, 2004; Authored by Donato Ferrante | Site autistici.org; Easy Chat Server version 1.2 is susceptible to multiple denial of service vulnerabilities.; tags | advisory, denial of service, vulnerability; SHA-256 | c14351e99bc7c75e715099537ef5a044db63e359260141a3b392bcedcdb5a32d; Download | Favorite | View

easy12.txt


                           Donato Ferrante


Application:  Easy Chat Server
              http://www.echatserver.com/

Version:      1.2

Bugs:         Multiple Vulnerabilities

Date:         02-Jul-2004

Author:       Donato Ferrante
              e-mail: fdonato@autistici.org
              web:    www.autistici.org/fdonato



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bugs
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"Easy Chat Server is a easy, fast and affordable way to host and manage
your own real-time communication software, it allows friends/colleagues
to chat with you through a Web Browser (IE, Netscape, Mozilla, Opera
etc.) on any computer (Windows, Linux, Solaris...) without any special
plug-ins or software. It can help you setup your community chat rooms,
collaborative work sessions or online meetings."



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
2. The bugs:
-------------

The program has two DoS vulnerabilties, due to:

- long username
- fake users


[1] The program doesn't correctly manage the username, in fact if you
    try to send a big username string to the server it will crash.


[2] The program has no strong checks on the users who join into free
    rooms. In fact it's possible to add a large number of fake users
    and the chat server will go down.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerabilities:

[1] 
    GET /chat.ghp?username=aaaa[ 295 of a ]aaaa&password=&room=1&sex=0
    Host: http://[host]

[2] 
    GET /chat.ghp?username=FakeUser&password=&room=1&sex=0
    Host: http://[host]
    ( this will add a fake user with name: FakeUser )



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bugs will be fixed in the next version.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

easy12.txt

easy12.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

easy12.txt

Share This

easy12.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems