Bugtraq mailing list archives
Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
From: Markus Kern <markus-kern () gmx net>
Date: Tue, 18 Jan 2005 23:59:51 +0100
On Monday, January 17, 2005, 9:40:47 PM Rafel Ivgi, The-Insider <theinsider () 012 net il> wrote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application: Kazaa Vendors: http://www.kazaa.com Versions: kazaa lite k++(probably all others too...) Platforms: Windows Bug: Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Exploitation: Remote With Browser Date: 17 Jan 2005 Author: Rafel Ivgi, The-Insider E-Mail: the_insider () mail com Website: http://theinsider.deep-ice.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1) Introduction 2) Bugs 3) The Code
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=============== 1) Introduction ===============
Kazaa is currently the worlds most common P2P file sharing application. When installing Kazaa a new protocol is installed named sig2dat.
This is incorrect. Kazaa itself does not install a handler for the 'sig2dat' URIs. In fact it doesn't even know about them. The sig2dat URIs are created and handled by a third party tool [1] which contains the described flaws and happens to be included in the (unofficial) Kazaa Lite package. The official Kazaa from http://www.kazaa.com does not handle sig2dat URIs and is not vulnerable.
This protocol contain an integer overflow vulnerability which may cause a crash and may allow remote execution of code. There is another vulnerability in the File: parameter which allows creating files in arbitrary locations and committing Denial Of Service.
[1] sig2dat, http://www.geocities.com/vlaibb/tools.html (The design and code of this thing are horrific and there are no doubt plenty of other bugs to be found) -- Markus Kern
Current thread:
- Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Rafel Ivgi, The-Insider (Jan 19)
- Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Berend-Jan Wever (Jan 19)
- Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations Markus Kern (Jan 19)