Re: Cross Platform remote IM vulnerability / DOS

To: Danslo@xxxxxxxxx
Subject: Re: Cross Platform remote IM vulnerability / DOS
From: "J. Oquendo" <sil@xxxxxxxxxxxxxxx>
Date: Fri, 17 Aug 2007 16:37:46 -0400
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20070817190427.8835.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20070817190427.8835.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 2.0.0.6 (Windows/20070728)

Danslo@xxxxxxxxx wrote:

> At the least this causes the other machine to send out more packets than the 
> average user may have known of, with a little thinking and just as much 
> resources this could be used as a distributed denial of service attack.

Funny, don't even know why I wasted time with this but here goes... Sent
the message to a coworker of mine who just installed Pidgin and he
received the message just fine. Which (if any) off the record plugins
were used (http://www.cypherpunks.ca/otr/)

> On the current version of pidgin when this was tested on several OS's it 
> often froze up the targets IM window for the duration of the attack and 
> sometimes the entire system performance suffers. While the attack was being 
> performed the IM window is non-usable.

What versions of operating systems to and from?

> Discovered by Dan Shinn <danslo@xxxxxxxxx>
> Testing by Rick Russel <noneck.net>

Sorry to be the spoiled sport/PITA/luzer,/insert-degrading-term-here,
to point this out to you but there is not even a remote portion of a
cross platform DoS that comes to mind with this. What DOES come to mind
is a misconfigured client on one end likely trying to start an off the
record IM session with a client without the software causing nothing to
show up.

Have the (so called) affected machine install OTR then come back with
your findings. Also include operating systems on both ends e.g.:

While sending x message using Pidgin with my Windows Version X to a
friend who was using Pidgin version x on a Windows Version X machine, I
noticed the like OMFG I DoS'd him. You'll likely find a bigger response
to your problem. This does not sound like a multiplatform DoS to me but
more of an ID 10 T error commonly seen. (These are usually associated
with PEBKAC issues).

I tried to convince my coworker his IM Client crashed but he quickly
messaged me back that it didn't. Even after I tried sending a quick
while script * 6k messages per second, he still responded back. Kind of
like that Verizon interweb Yes video. "Yes... Yes... Yes..."

-- 
====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Cross Platform remote IM vulnerability / DOS
  - From: Danslo

Prev by Date: iDefense Security Advisory 08.16.07: IBM DB2 Universal Database Multiple File Creation Vulnerabilities
Next by Date: Re: COSEINC Linux Advisory #1: Linux Kernel Parent Process Death Signal Vulnerability
Previous by thread: Re: Cross Platform remote IM vulnerability / DOS
Next by thread: HPSBMA02242 SSRT061260 rev.2 - HP OpenView Network Node Manager (OV NNM) Running Shared Trace Service, Remote Arbitrary Code Execution --------
Index(es):
- Date
- Thread