Denial Of Service in FreeChat 1.1.1a

2004-02-26T00:00:00
ID SECURITYVULNS:DOC:5833
Type securityvulns
Reporter Securityvulns
Modified 2004-02-26T00:00:00

Description

                       Donato Ferrante

Application: FreeChat http://sourceforge.net/projects/vbfreechat/

Version: 1.1.1a

Bug: Denial Of Service

Author: Donato Ferrante e-mail: fdonato@autistici.org web: www.autistici.org/fdonato

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

  1. Description
  2. The bug
  3. The code
  4. The fix

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


1. Description:

Vendor's Description:

"FreeChat is a webserver with support for a browser based streaming chat written in Visual Basic 6. The chat so far supports multiple rooms (public/private), graphical emicons, whispering, multiple languages and more."

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


2. The bug:

The server is not able to manage crafted strings. In fact it will crash.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


3. The code:

To test the vulnerability simply send to the chat server, a string like:

"aaaaa"

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx


4. The fix:

No fix. The vendor has not answered to my signalations.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx