BugTraq
Cross Platform remote IM vulnerability / DOS Aug 17 2007 07:04PM
Danslo yahoo com (2 replies)
Re: Cross Platform remote IM vulnerability / DOS Aug 17 2007 08:37PM
J. Oquendo (sil infiltrated net)
Danslo (at) yahoo (dot) com [email concealed] wrote:

> At the least this causes the other machine to send out more packets than the average user may have known of, with a little thinking and just as much resources this could be used as a distributed denial of service attack.

Funny, don't even know why I wasted time with this but here goes... Sent
the message to a coworker of mine who just installed Pidgin and he
received the message just fine. Which (if any) off the record plugins
were used (http://www.cypherpunks.ca/otr/)

> On the current version of pidgin when this was tested on several OS's it often froze up the targets IM window for the duration of the attack and sometimes the entire system performance suffers. While the attack was being performed the IM window is non-usable.

What versions of operating systems to and from?

> Discovered by Dan Shinn <danslo (at) yahoo (dot) com [email concealed]>
> Testing by Rick Russel <noneck.net>

Sorry to be the spoiled sport/PITA/luzer,/insert-degrading-term-here,
to point this out to you but there is not even a remote portion of a
cross platform DoS that comes to mind with this. What DOES come to mind
is a misconfigured client on one end likely trying to start an off the
record IM session with a client without the software causing nothing to
show up.

Have the (so called) affected machine install OTR then come back with
your findings. Also include operating systems on both ends e.g.:

While sending x message using Pidgin with my Windows Version X to a
friend who was using Pidgin version x on a Windows Version X machine, I
noticed the like OMFG I DoS'd him. You'll likely find a bigger response
to your problem. This does not sound like a multiplatform DoS to me but
more of an ID 10 T error commonly seen. (These are usually associated
with PEBKAC issues).

I tried to convince my coworker his IM Client crashed but he quickly
messaged me back that it didn't. Even after I tried sending a quick
while script * 6k messages per second, he still responded back. Kind of
like that Verizon interweb Yes video. "Yes... Yes... Yes..."

--
====================================================
J. Oquendo
"Excusatio non petita, accusatio manifesta"

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xF684C42E
sil . infiltrated @ net http://www.infiltrated.net

0? *?H?÷
 ?0?1 0 +0? *?H?÷
 ?0??0?r 'ôêôz?Än»n©0
 *?H?÷
0o1 0 USE10U
 AddTrust AB1&0$U AddTrust External TTP Network1"0 UAddTrust External CA Root0
050607080910Z
200530104838Z0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0?"0
 *?H?÷
?0?
?²9?¤ò}«A;bF7®ÍÁ`u¼9eùJG¢¹ÌHÌj?ÕM5¹¤BåÎIâ?/|Ò1ÇN´?d.)Õ¢dÄ?½?Q5y¤
Nh{z¤?¨ò?ò?Ìɤ2?» O0½?  ?ån¢Fúx¼¢o«Y^¥/ÏÊÚmª/묡³jª·.g5?yái?âæFÍ ¥ê¾ Îv:z?êüÚ'[=s"æHaÆ
Lói±¨.¶Ô1 ,¼???¤¥×?CüZ¯q×YÚº?
¯úóáÂð¤Åg?ÖÖT:Þ
¤ºw³eÈýÓtbªÊh?¡?~õGeËøMW(tÒ4ÿ0¶îöb0?,룁á0Þ0U#0?­½?z4´
&÷úÄ&Tï½à$ËT0U??g}ĝ&pK´PH|Þ=®n}0Uÿ0Uÿ
0ÿ0{Ut0r08 6 4?2http://crl.comodoca.com/AddTrustExternalCARoot.c
rl06 4 2?0http://crl.comodo.net/AddTrustExternalCARoot.crl0
 *?H?÷
?Ø?o(¬¦¢ç?Á?Û~¡ýóâð©?TBk? Ä mא?fyCqüøo¯ÛvEâ7=ÝäYx¬ô?FózÏ[?r-åFÁº)óËIy?<ºm¤mhO­r6¨¹±ý¿Ï
ð¤j?5PÏmU±ÝY0Jßm ?dI|ï6»ôãiôø9Z­K?:·íÓÏ
D¢û¿ä/p?%ûZT³Ðļmûs2,é??$-Ö?zhP?MéÌõ»gèÜ.;üNÍþ?ã¨
¥&DeéòMR§®Ü>Êk2\Alþõ] êÿÑú??Xm=?Gåþ.?ÂÌ?¡ò»0?Á0?© 
Ñ¡øsß?-?HK?«'0
 *?H?÷
0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0
061005000000Z
071005235959Z0Ù1503U ,Comodo Trust Network - PERSONA NOT VALIDATED1F0DU =Terms and Conditions of use: http://www.comodo.net/repository10U (c)2003 Comodo Limited10U
J. Oquendo1"0  *?H?÷
 sil (at) infiltrated (dot) net0 [email concealed]?0
 *?H?÷
0?½Ç?(ä$:²µDT,¢Ò;º»lpjÅ©rºSê:Ò#&Çây*?îE¥Ð)»ÜMHü~¨a¥Õ~
¹ÃX gÈÇgIçV¶§:'7ÕI´óÛ¥ªAcU|2Å^?ç¾ï¼bèïæ æ¾ÊÂ%Nï?eäùm?1×3¡+< DKu£?00?,0U#0???g}ĝ&pK´PH|Þ=®n}0
Un@.zÙ¶p_"µ?xx?rѬ$0Uÿ 0 Uÿ00 U%0+ +²10 `?H?øB 0FU ?0=0; +²10+0)+https://secure.comodo.net/CPS0¥U0?0
L J H?Fhttp://crl.comodoca.com/UTN-USERFirst-ClientAuthenticationandEmai
l.crl0J H F?Dhttp://crl.comodo.net/UTN-USERFirst-ClientAuthenticationand
Email.crl0?+z0x0;+0?/http://crt.comodoca.com/UTNAddTr
ustClientCA.crt09+0?-http://crt.comodo.net/UTNAddTrustClientCA.c
rt0U0sil (at) infiltrated (dot) net0 [email concealed]
 *?H?÷
?>|(aµ]ºGìC¡yÂó(ãü?tïë¤F<¡&S?»ê6î¢w¥ë}úæâp¾lê#è«ú]¢t^¦Ð(l??
uv?ç7¿ÒþÄÉë?#? ?PGsbT??ïÓî]>¤.¤I{?rE5K³ã?³øø?tWÏËÛXÜÊCo´ù²Öò
à´²qÃõD??þã rw¨g?+k+(`9qò!ÝÒÿ×g?Ü?¬?·¾MUõ·hóB±ò¸Äîz {?¼?|¨?6àS?&?çüJ÷??õJ?Éæ?[ýõT*?ÒéÒ'oEjÓÖ #B\Ã8ô
ö£?Ù?¯ñ¦7¶0?Á0?© 
Ñ¡øsß?-?HK?«'0
 *?H?÷
0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email0
061005000000Z
071005235959Z0Ù1503U ,Comodo Trust Network - PERSONA NOT VALIDATED1F0DU =Terms and Conditions of use: http://www.comodo.net/repository10U (c)2003 Comodo Limited10U
J. Oquendo1"0  *?H?÷
 sil (at) infiltrated (dot) net0 [email concealed]?0
 *?H?÷
0?½Ç?(ä$:²µDT,¢Ò;º»lpjÅ©rºSê:Ò#&Çây*?îE¥Ð)»ÜMHü~¨a¥Õ~
¹ÃX gÈÇgIçV¶§:'7ÕI´óÛ¥ªAcU|2Å^?ç¾ï¼bèïæ æ¾ÊÂ%Nï?eäùm?1×3¡+< DKu£?00?,0U#0???g}ĝ&pK´PH|Þ=®n}0
Un@.zÙ¶p_"µ?xx?rѬ$0Uÿ 0 Uÿ00 U%0+ +²10 `?H?øB 0FU ?0=0; +²10+0)+https://secure.comodo.net/CPS0¥U0?0
L J H?Fhttp://crl.comodoca.com/UTN-USERFirst-ClientAuthenticationandEmai
l.crl0J H F?Dhttp://crl.comodo.net/UTN-USERFirst-ClientAuthenticationand
Email.crl0?+z0x0;+0?/http://crt.comodoca.com/UTNAddTr
ustClientCA.crt09+0?-http://crt.comodo.net/UTNAddTrustClientCA.c
rt0U0sil (at) infiltrated (dot) net0 [email concealed]
 *?H?÷
?>|(aµ]ºGìC¡yÂó(ãü?tïë¤F<¡&S?»ê6î¢w¥ë}úæâp¾lê#è«ú]¢t^¦Ð(l??
uv?ç7¿ÒþÄÉë?#? ?PGsbT??ïÓî]>¤.¤I{?rE5K³ã?³øø?tWÏËÛXÜÊCo´ù²Öò
à´²qÃõD??þã rw¨g?+k+(`9qò!ÝÒÿ×g?Ü?¬?·¾MUõ·hóB±ò¸Äîz {?¼?|¨?6àS?&?çüJ÷??õJ?Éæ?[ýõT*?ÒéÒ'oEjÓÖ #B\Ã8ô
ö£?Ù?¯ñ¦7¶1?Ï0?Ë0Ã0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email
Ñ¡øsß?-?HK?«'0 + ?a0 *?H?÷
 1  *?H?÷
0 *?H?÷
 1
070817203746Z0# *?H?÷
 14Æþ?hXaBµá?9&S?$
0R *?H?÷
 1E0C0
*?H?÷
0*?H?÷
?0
*?H?÷
@0+0
*?H?÷
(0Ô +?71Æ0Ã0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email
Ñ¡øsß?-?HK?«'0Ö *?H?÷
  1Æ Ã0®1 0 UUS1 0 UUT10USalt Lake City10U
The USERTRUST Network1!0U http://www.usertrust.com1604U-UTN-USERFirst-Clien
t Authentication and Email
Ñ¡øsß?-?HK?«'0
 *?H?÷
?C_L@Í ©sÚ?}?;?7·A(ܨ'Õÿdä´.á?F?6s|°s¶¡=?;û?JH¦?32?Ë'G9ÊÆGeÙV?H`ý$·.?ÉC+
?ÃJEúÜ¿DÔªéõÄ #`<Í?¡Ê?? K l+GÀ¼\?7#Ø\ûaêÝ*!<çª

[ reply ]
Re: Cross Platform remote IM vulnerability / DOS Aug 17 2007 08:15PM
Gavin Hanover (netmunky gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus