DC++ Private Message Remote Denial of Service Vulnerability
BID:30037
Info
DC++ Private Message Remote Denial of Service Vulnerability
| Bugtraq ID: | 30037 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2008-2954 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 01 2008 12:00AM |
| Updated: | May 07 2015 05:07PM |
| Credit: | crise |
| Vulnerable: |
LinuxDC++ LinuxDC++ 1.0.1 DC++ DC++ 0.706 |
| Not Vulnerable: |
DC++ DC++ 0.707 |
Discussion
DC++ Private Message Remote Denial of Service Vulnerability
DC++ is prone to a remote denial-of-service vulnerability because the application fails to handle private messages properly.
An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects DC++ 0.706 and earlier versions.
DC++ is prone to a remote denial-of-service vulnerability because the application fails to handle private messages properly.
An attacker could exploit this issue to crash the affected application, denying service to legitimate users.
This issue affects DC++ 0.706 and earlier versions.
Exploit / POC
DC++ Private Message Remote Denial of Service Vulnerability
An attacker can exploit this issue by sending an empty private message to the application.
An attacker can exploit this issue by sending an empty private message to the application.
Solution / Fix
DC++ Private Message Remote Denial of Service Vulnerability
Solution:
The vendor has released a fix; please see the references for more information.
Solution:
The vendor has released a fix; please see the references for more information.
References
DC++ Private Message Remote Denial of Service Vulnerability
References:
References:
- DC++ Homepage (DC++)
- DC++ version 0.707 Release Notes (DC++)
- Diff for /linuxdcpp/linuxdcpp/client/NmdcHub.cpp between version 1.14 and 1.15 (linuxdcpp)
- LinuxDC++ Homepage (LinuxDC++)