Search This Blog
Powered By Blogger

Tuesday, December 15, 2009

-: Exploits - Bugs - Vulnerabilities :-

-: Exploits - Bugs - Vulnerabilities :-

Google Talk EMail Notifition Denial Of Service

List: bugtraq
Subject: New Bug KESM in GoogleTalk
From: natalylopez380 () hotmail ! com
Date: 2005-11-09 0:01:40
Message-ID: 20051109000140.29652.qmail () securityfocus ! com
[Download message RAW]

Hi!! My name is Nataly Lopez, I'm a 17 years old girl living in Venezuela; I have \ always loved computer security because that's also my father's work.. Well, the \ reason for me to post this is for telling you about a bug in Google Talk I discovered \ with my friend chris77 (#velug @ irc.freenode.net) this afternoon. Google Talk's \ excellent features allow the user to know when contacts send mails without \ configuring any passports, etc., well, you know that. What's really funny is: one can \ generate remote errors in the users' systems connected to Google Talk, and thus \ creating a kind of DoS. So Google Talk stops working if it has email notification \ enabled: it suffices to type this command in a Linux shell (nail must be installed of \ course):

echo kill | nail -s Kill -r "" victim@gmail.com

This instruction is quite simple, and will send an email to the user being connected \ to Google Talk from a certain "unknown sender", and as you can see, GoogleTalk \ Windows client cannot notify <> is sending an email. Therefore, an error windows \ appears on screen:

[ Google Talk encountered an internal error, and must now close. Ok to report this \ error to Google? ] [Yes] [No]

We called this bug KESM, which stands for "Killer Empty Sender Message" :) and one \ can easily implement it into a loop, keeping the victim busy clicking on the YES \ button and resetting his connection to Google Talk.

That's all for now folks :-)

Vulnerable software and versions

Configuration 1
¢Ë†â€™ Google, Google Talk, 1.0.0.75
¢Ë†â€™ Google, Google Talk, 1.0.0.72
¢Ë†â€™ Google, Google Talk, 1.0.0.70
¢Ë†â€™ Google, Google Talk, 1.0.0.68
¢Ë†â€™ Google, Google Talk, 1.0.0.67
¢Ë†â€™ Google, Google Talk, 1.0.0.66
¢Ë†â€™ Google, Google Talk, 1.0.0.64, and previous
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)