Date: Mon, 30 Nov 1998 21:46:52 -0600
From: HD Moore <hdmoore@USA.NET>
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
To: BUGTRAQ@netspace.org
Subject: iParty can be shut down remotely

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

iParty is an audio/text chat program for Windows.  The iParty server
listens on a specified port (6004 is default) for client requests.  If
someone connects to the chat server and sends a large amount of '^?'
characters (ASCII 255 or Hex FF), the server will simply close itself
and disconnect all the current users.  Nothing shows up in the log
file, and the attacker does not need to know the 'chat room' name.
iParty seems to use a modified version of the X-Win protocol, as it
uses the same format as X for session request responses.  The easiest
way to exploit this hole is:

cat /dev/kmem | telnet targetserver.com 6004

More information on iParty can be found at www.bumpkinland.com.


-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv

iQA/AwUBNmNmc651X44hunVSEQIGGwCg5lCksOcFT4IEEyowtlOs75fu/2wAn3ZI
pEmwwfuOgrfsz9crATI499rB
=BwmD
-----END PGP SIGNATURE-----