[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations

To: "Rafel Ivgi, The-Insider" <theinsider@xxxxxxxxxx>
Subject: Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
From: Markus Kern <markus-kern@xxxxxxx>
Date: Tue, 18 Jan 2005 23:59:51 +0100

On Monday, January 17, 2005, 9:40:47 PM Rafel Ivgi, The-Insider 
<theinsider@xxxxxxxxxx> wrote:

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> Application:   Kazaa
> Vendors:       http://www.kazaa.com
> Versions:       kazaa lite k++(probably all others too...)
> Platforms:      Windows
> Bug:              Sig2Dat Protocol Remote Integer Overflow and
>                      Denial Of Service by creating files in arbitrary
> locations
> Exploitation:   Remote With Browser
> Date:             17 Jan 2005
> Author:          Rafel Ivgi, The-Insider
> E-Mail:          the_insider@xxxxxxxx
> Website:        http://theinsider.deep-ice.com

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> 1) Introduction
> 2) Bugs
> 3) The Code

> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

> ===============
> 1) Introduction
> ===============

> Kazaa is currently the world?s most common P2P file sharing application.
> When installing Kazaa a new protocol is installed named ?sig2dat?.

This is incorrect. Kazaa itself does not install a handler for the
'sig2dat' URIs. In fact it doesn't even know about them. The sig2dat
URIs are created and handled by a third party tool [1] which contains
the described flaws and happens to be included in the (unofficial)
Kazaa Lite package.

The official Kazaa from http://www.kazaa.com does not handle sig2dat
URIs and is not vulnerable.

> This protocol contain an integer overflow vulnerability which may cause
> a crash and may allow remote execution of code. There is another
> vulnerability in the ?File:? parameter which allows creating files in
> arbitrary locations and committing Denial Of Service.

[1] sig2dat, http://www.geocities.com/vlaibb/tools.html
    (The design and code of this thing are horrific and there are no
    doubt plenty of other bugs to be found)

-- 
Markus Kern

Follow-Ups:
- Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
  - From: Markus Kern

References:
- Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
  - From: Rafel Ivgi, The-Insider

Prev by Date: Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
Next by Date: Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call Processing Solutions
Previous by thread: Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
Next by thread: Re: Kazaa Sig2Dat Protocol Remote Integer Overflow and Denial Of Service by creating files in arbitrary locations
Index(es):
- Date
- Thread