Back to list
Gadu-Gadu, another two bugs
Dec 17 2004 10:23AM
Jaroslaw Sajko (sloik man poznan pl)
Product: Gadu-Gadu, build 155 and older
Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact: Script execution in local zone,
Authors: Blazej Miga <bla (at) man.poznan (dot) pl [email concealed]>,
Jaroslaw Sajko <sloik (at) man.poznan (dot) pl [email concealed]>
Gadu-Gadu is the first Polish instant messenger used by ca. 3 millions of
people per month.
In addition to the last vulnerabilities there are two another
vulnerabilities in the build which have been released after our last
Parsing error. We can send a malicious string which has an url inside.
Code will execute when the window with message pops up. Code will execute
in LOCAL ZONE! Works also with older versions.
Send such a string to any receipent:
Beacause in this build default configuration allows sending of the images
we can send an image. There is some new feature, a loop checking filename
for disallowed characters, but the loop under some circumstances is an
infinite loop. So, if an image name isn't starting with the '..', '/', '\'
or '&#' then Gadu-Gadu applications falls into infinite loop, consumes
resources, and will not receive or send any message anymore. So we have a
simple DoS (livelock).
Send any image (filename must be a 'normal' filename) to your friend.
Please upgrade to the newest build (build 156).
[ reply ]
Re: Gadu-Gadu, another two bugs
Dec 20 2004 05:20PM
Przemyslaw Frasunek (venglin freebsd lublin pl)
Re: [Full-Disclosure] Re: Gadu-Gadu, another two bugs
Dec 20 2004 09:43PM
Maciej Soltysiak (maciej soltysiak com)
Copyright 2010, SecurityFocus