[8655] in bugtraq
iParty can be shut down remotely
daemon@ATHENA.MIT.EDU (HD Moore)
Tue Dec 1 11:37:55 1998
Date: Mon, 30 Nov 1998 21:46:52 -0600
Reply-To: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: HD Moore <hdmoore@USA.NET>
To: BUGTRAQ@NETSPACE.ORG
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
iParty is an audio/text chat program for Windows. The iParty server
listens on a specified port (6004 is default) for client requests. If
someone connects to the chat server and sends a large amount of '=FF'
characters (ASCII 255 or Hex FF), the server will simply close itself
and disconnect all the current users. Nothing shows up in the log
file, and the attacker does not need to know the 'chat room' name.
iParty seems to use a modified version of the X-Win protocol, as it
uses the same format as X for session request responses. The easiest
way to exploit this hole is:
cat /dev/kmem | telnet targetserver.com 6004
More information on iParty can be found at www.bumpkinland.com.
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQA/AwUBNmNmc651X44hunVSEQIGGwCg5lCksOcFT4IEEyowtlOs75fu/2wAn3ZI
pEmwwfuOgrfsz9crATI499rB
=3DBwmD
-----END PGP SIGNATURE-----
