Easy Chat Server multiple chat.ghp requests to add a user causes denial of service
easychat-multiple-chatghp-dos (16633)
Description:
Easy Chat Server is vulnerable to a denial of service attack. By sending a specially crafted GET request to the chat.ghp script multiple times, with information in the username parameter, a remote attacker could add multiple users to a room, which would cause the server to crash.
Consequences:
Denial of Service
Remedy:
Apply the appropriate patch for your system. See References.
References:
- Easy Chat Server Web site: Chat server software free download - build your own chat room.
- Full-Disclosure Mailing List, Fri Jul 02 2004 - 03:46:35 CDT: Multiple Vulnerabilities in Easy Chat Server 1.2.
- BID-10649: Easy Chat Server Multiple Denial Of Service Vulnerabilities
- CVE-2004-2467: chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash).
- OSVDB ID: 7417: Easy Chat Server Large User Number DoS
- SA12006: Easy Chat Server Multiple Vulnerabilities
- USN-50-1: CUPS vulnerabilities
Platforms Affected:
- Canonical Ubuntu 4.10
- EFS Software Easy Chat Server 1.2
Reported:
Jul 05, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
