exploit the possibilities

gg-dos.txt

gg-dos.txt
Posted Dec 31, 2004
Authored by Maciej Soltysiak | Site soltysiak.com

It is possible to remotely conduct a denial of service attack on a Gadu-Gadu client by sending special crafted messages several times. All versions up to 6.1 build 156 are affected.

tags | advisory, denial of service
MD5 | cc5a640ddefec0d352ed82a14b815912

gg-dos.txt

Change Mirror Download
Product:        Gadu-Gadu,
all available versions including the latest (6.1 build156)
Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
Impact: Remote Denial of Service
Severity: Important
Author: Maciej Soltysiak <maciej@soltysiak.com>
Advisory: http://www.soltysiak.com/gg-dos.txt


[ISSUE]

It is possible to remotely conduct a DoS attack on a Gadu-Gadu client by
sending special crafted messages several times. The application hangs in
most cases and all is left is to kill the process.
This is propably due to the way the program displays the images.


[DETAILS]

By sending simple messages to the client that contain a huge amount of well
known strings that are converted to images (ie. "!!" converted to an
animating exclamation mark or "<glaszcze>" converted to an animated
emoticon) one is able to cause Gadu-Gadu to hang and the user to kill the
program.

As long as the attacker's uin is not on the victim's blocked list the
attacker is free to expoit the vulnerability. This means that creating
new users just to wreck havoc among Gadu-Gadu users would be very
effective.

[POC]

The C proof of concept code is available at http://www.soltysiak.com/ggkill.c

[ADVISORY]

There is little that users can do about this remote DoS. It is not required
for the attacker to be in the victim's contact list, no other options limit
the functionality that causes this DoS (like dcc, image size, proxys)

Until the vendor releases a fixed version I recommend the users enable the
option that lets us not to show messages from users outside our contact
list. This option is called "Nie pokazuj wiadomosci od nieznajomych" and
is available in a couple of latest versions of Gadu-Gadu 6

This way if we do not know the attacker, we are safe, the messages will
be blocked.

[SUMMARY]

Vendor has been informed about these bugs.
Have a nice day.

Copyright 2004, Maciej Soltysiak. All rights reserved.



Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

January 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    8 Files
  • 2
    Jan 2nd
    11 Files
  • 3
    Jan 3rd
    11 Files
  • 4
    Jan 4th
    2 Files
  • 5
    Jan 5th
    2 Files
  • 6
    Jan 6th
    18 Files
  • 7
    Jan 7th
    15 Files
  • 8
    Jan 8th
    16 Files
  • 9
    Jan 9th
    10 Files
  • 10
    Jan 10th
    13 Files
  • 11
    Jan 11th
    2 Files
  • 12
    Jan 12th
    4 Files
  • 13
    Jan 13th
    21 Files
  • 14
    Jan 14th
    18 Files
  • 15
    Jan 15th
    12 Files
  • 16
    Jan 16th
    18 Files
  • 17
    Jan 17th
    11 Files
  • 18
    Jan 18th
    3 Files
  • 19
    Jan 19th
    2 Files
  • 20
    Jan 20th
    15 Files
  • 21
    Jan 21st
    21 Files
  • 22
    Jan 22nd
    19 Files
  • 23
    Jan 23rd
    19 Files
  • 24
    Jan 24th
    8 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close