[36323] in bugtraq
DoS in Chat Anywhere 2.72a
daemon@ATHENA.MIT.EDU (Donato Ferrante)
Tue Aug 31 01:07:50 2004
Date: Fri, 27 Aug 2004 17:37:51 -0000
To: <bugtraq@securityfocus.com>
From: "Donato Ferrante" <fdonato@autistici.org>
Message-Id: <20040827173751.D0E7724423@chernobyl.investici.org>
Donato Ferrante
Application: Chat Anywhere
http://www.lionmax.com/chatanywhere.htm
Version: 2.72a
Bug: Denial Of Service
Date: 27-Aug-2004
Authors:
Donato Ferrante
e-mail: fdonato@autistici.org
web: www.autistici.org/fdonato
Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.altervista.org
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
1. Description
2. The bug
3. The code
4. The fix
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
----------------
1. Description:
----------------
Chat Anywhere is a Web-based chat server for real-time chatting.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
2. The bug:
------------
The chat server is unable to manage fake users.
So an attacker can crash the chat server and also consume a lot of CPU
resources to all the real clients connected, by using fake users.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------
3. The code:
-------------
To test the vulnerability:
http://www.autistici.org/fdonato/poc/ChatAnywhere[272a]DoS-poc.zip
or:
http://aluigi.altervista.org/poc/chatanydos.zip
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
------------
4. The fix:
------------
The bug was initially found on 4 Dec 2003 in the version 2.72,
and reported to the vendor by Luigi Auriemma, but the vendor probably
forgot to fix it.
So the vendor was contacted for the same bug in the next version 2.72a,
and now the vendor is planning to fix the bug in the next release.
In the meantime vendor recommends to add password protection to protect
the chat room.
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
