DoS in Chat Anywhere 2.72a

To: <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: DoS in Chat Anywhere 2.72a
From: "Donato Ferrante" <fdonato@xxxxxxxxxxxxx>
Date: Fri, 27 Aug 2004 17:37:51 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

                           Donato Ferrante


Application:  Chat Anywhere
              http://www.lionmax.com/chatanywhere.htm

Version:      2.72a

Bug:          Denial Of Service

Date:         27-Aug-2004

Authors:      
              Donato Ferrante
              e-mail: fdonato@xxxxxxxxxxxxx
              web:    www.autistici.org/fdonato

              Luigi Auriemma
              e-mail: aluigi@xxxxxxxxxxxxx
              web:    aluigi.altervista.org



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Chat Anywhere is a Web-based chat server for real-time chatting.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

The chat server is unable to manage fake users.
So an attacker can crash the chat server and also consume a lot of CPU
resources to all the real clients connected, by using fake users.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability:


http://www.autistici.org/fdonato/poc/ChatAnywhere[272a]DoS-poc.zip

or:

http://aluigi.altervista.org/poc/chatanydos.zip



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

The bug was initially found on 4 Dec 2003 in the version 2.72,
and reported to the vendor by Luigi Auriemma, but the vendor probably
forgot to fix it.
So the vendor was contacted for the same bug in the next version 2.72a,
and now the vendor is planning to fix the bug in the next release.
In the meantime vendor recommends to add password protection to protect
the chat room.



xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Prev by Date: [vulnwatch] WS_FTP Server Denial of Service Vulnerability
Next by Date: RE: CDE libDtHelp LOGNAME Buffer Overflow Vulnerability
Previous by thread: [vulnwatch] WS_FTP Server Denial of Service Vulnerability
Next by thread: Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable)
Index(es):
- Date
- Thread