FW: Parachat DoS Vulnerability

From: Matt Smith (ratman6at_private)
Date: Wed Jul 31 2002 - 09:00:37 PDT


    -----Original Message-----
    From: Matt Smith [mailto:ratman6at_private] 
    Sent: Wednesday, July 31, 2002 11:59 AM
    To: 'bugtraqat_private'
    Subject: Parachat DoS Vulnerability
    
    Parachat DoS Vulnerability Synopsis
    Written by Matt Smith aka Ratman (ratman6at_private)
    Contributions by Amy Marie aka DraculaWoman (Marie33at_private)
    Presented by 12:01 Productions Computer Security and Research Division.
    
    Description:
    
         Parachat chatroom (http://www.parachat.com) servers have a security
    vulnerability that causes the chat client not to disconnect a user from
    the chat server if the user leaves the webpage where the room is located
    by using the Back or Forward buttons in the web browser in place of the
    logoff button.  This allows for "phantom users" to be created in any
    Parachat chatroom that will remain present for 15 minutes.  These users
    will be registered on the chat server as actual users.
    
    Implications:
    
    These "phantom users" can build up in a chatroom, easily causing a
    Denial Of Service (DoS) condition when the number of users exceeds the
    capacity of a chatroom.  If several computers are involved in the attack
    a chatroom could be flooded to capacity in a matter of minutes.  It is
    also conceivable that a program could be written to automate the exploit
    steps, making it simple for one computer to cause a DoS condition in a
    single chatroom.  It is possible that such a program, when used to
    create a Distributed Denial of Service (DDoS) attack, could easily down
    an entire chat server.  This condition would cause all chatrooms hosted
    on that server to become useless.
    
    Exploit:
    
    To exploit this vulnerability the following steps are required:
    
    1. Log in to any Parachat Chatroom as <username>
    2. Leave the Chatroom page using the methods described above.
    3. Return to the Chatroom page.
    4. Log back in to the Chatroom under a different username.
    5. Repeat steps 2 through 4.
    
    Note: These steps have only been tested with Internet Explorer versions
    5.0-6.0.
    
    Update:  Vulnerability has been patched as of July 31, 2002
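
An added example, not part of the original advisory and not Parachat code: a minimal model of a server-side session registry, showing why a 15-minute idle window lets abandoned sessions fill a room and how a short heartbeat timeout plus a per-source cap bounds occupancy. The class, the 30-second timeout, the cap of 3 and the sample addresses are assumptions; the advisory does not say how the issue was patched.

```python
# Added example: a hypothetical in-memory model, not Parachat's server code.
class Room:
    def __init__(self, capacity, idle_timeout, per_source_limit=None):
        self.capacity = capacity
        self.idle_timeout = idle_timeout          # seconds allowed without a heartbeat
        self.per_source_limit = per_source_limit  # None means no per-source cap
        self.sessions = {}                        # username -> (source, last_seen)

    def reap(self, now):
        """Drop sessions whose last heartbeat is idle_timeout or more seconds old."""
        stale = [u for u, (_, seen) in self.sessions.items()
                 if now - seen >= self.idle_timeout]
        for u in stale:
            del self.sessions[u]
        return len(stale)

    def join(self, username, source, now):
        self.reap(now)
        if username in self.sessions:
            return "name-in-use"
        held = sum(1 for src, _ in self.sessions.values() if src == source)
        if self.per_source_limit is not None and held >= self.per_source_limit:
            return "source-limit"
        if len(self.sessions) >= self.capacity:
            return "room-full"
        self.sessions[username] = (source, now)
        return "ok"

    def heartbeat(self, username, now):
        """Called on each client keep-alive; a closed page stops sending these."""
        if username in self.sessions:
            self.sessions[username] = (self.sessions[username][0], now)

    def leave(self, username):
        """Explicit logoff (the logoff button in the advisory)."""
        self.sessions.pop(username, None)


def abandoned_joins(room, joins, interval, source="198.51.100.7"):
    """Constructed load: `joins` logins from one source, `interval` seconds apart,
    none followed by leave() or heartbeat(). Returns (sessions held, joins refused)."""
    refused = 0
    for i in range(joins):
        if room.join(f"user{i}", source, now=i * interval) != "ok":
            refused += 1
    return len(room.sessions), refused
```

With `idle_timeout=900` the 50-seat room fills and stays full for new users; with `idle_timeout=30` and `per_source_limit=3` the same load never holds more than three seats.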
    


