BugTraq
Denial Of Service in ChatterBox 2.0 Jan 30 2004 01:44PM
Donato Ferrante (fdonato autistici org)
Donato Ferrante

Application: ChatterBox
http://www.urbancities.net/burton/

Version: 2.0

Bug: Denial Of Service

Author: Donato Ferrante
e-mail: fdonato (at) autistici (dot) org [email concealed]
web: www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

1. Description
2. The bug
3. The code
4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

----------------
1. Description:
----------------

Vendor's Description:

"ChatterBox is a multiple client, single server graphical chat
program written in Java using Swing. Some basic features include
sending private messages, kicking users (server only), and obtaining
IP information on users (server only). It runs on any operating system
supporting Java 1.3."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
2. The bug:
------------

ChatterBox is not able to manage irregular requests in fact it
will crash.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

-------------
3. The code:
-------------

To test the vulnerability simply send to the chat server a string like:

"aaaaaa"

and the chat server will go down.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

------------
4. The fix:
------------

Vendor was contacted.
Bug will be probably fixed in the next version of ChatterBox,
so go on the ChatterBox's official website:
http://www.urbancities.net/burton/ and check for a new version.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus