aMSN Input Validation Error

January 26, 2008

Risk: Low
Tipology: Input Validation Error

All aMSN versions, both on Windows and Linux platorms.

As Microsoft MSN, aMSN have a nice feature for Exporting and Importing the list of
contacts you have.

This list is dumped into an XML file (file extension .ctt), with this structure

——————————————————————-
<?xml version=”1.0″?>
<messenger>
<service name=”.NET Messenger Service”>
<contactlist>
<contact> your_contact@xxxx.yy</contact>
</contactlist>
</service>
</messenger>
——————————————————————–

aMSN does not Validate correctly the Contacts you insert, precisely does not parse
the format of this file, and suddenly when you import a malformed Contact List it
shutdown

here an example of malformed input list

——————————————————————-
<?xml version=”1.0″?>
<messenger>
<service name=”.NET Messenger Service”>
<contactlist>
<contact>AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

AAAAAAAAAAAAAAAAAAAAAAA@xxxx.yy</contact>
</contactlist>
</service>
</messenger>
——————————————————————-

Or another possibility

——————————————————————-
<?xml version=”1.0″?>
<messenger>
<service name=”.NET Messenger Service”>
<contactlist>
<contact><contact><contact><contact><contact></contact></contact><contact></contact></contact></contact></contact>
</contact>
</contactlist>
</service>
</messenger>
——————————————————————-

This will cause a freeze of aMSN..

If you use the same “trick” with Ms Messenger, a MessageBox will advice you of the malformed
file ;)

See you to the next post


Once upon a time..

January 20, 2008

Hi,

Its some week that I don’t write on the blog, this not due a lack of time but essentially because I’ve heavly worked on Reversing and Researching about some rootkit, and Vulnerabilities of these drivers.. such as Kernel_Stack_Overflows and relative exploitation, may be some day I’ll publish it, but is not sure.

I’ve also finded a particular vulnerability that afflicts a Microsoft Product, I’ll talk with MS “Security Division” about it and next I’ll release the PoC.

These are also days of heavy coding, the old idea of the Folder Protector, became more complex and changed in DataProtector..or CProtector I’ve to choise a name eheh.. :) These are some of the features:

  • File/Folder Data Protection
  • Random Password Generator
  • Password Manager
  • Encrypted Instant Messenger

Surely I’ll add some feature and finally I’ll release a Free Basical Edition and another Full ($) Edition..
SunOS ICMP Crasher is also ready for the release, I think I’ll release it this friday/saturday.

See you soon, I Hope.. :)


SunOS 5.10 Remote ICMP Kernel Crash

January 13, 2008

Hi,

Recently IT Security spreaded an intersting vulnerability for SunOS 5.10 able to crash the entire kernel just by sending an ICMP packet with some particular data. I’ve written a little .NET application to accomplish this attack, soon I’ll publish it on my website .

See you to the next post.. :)


Reversity Speech Done

January 6, 2008

Hi,

Just finished  Reversity Speech, on EfNet ON Cryptography Applied to Reverse Engineering. (CryptoRev)

Soon Logs and Guide Lines will be published on http://evilcry.altervista.org

See you to the next post.. :)

Evilcry


First 2008 Thoughts from a Paranoid

January 1, 2008

Hi,

First of all let me wish you an Happy New Year, could be full of peace and serenity!

This morning, by surfing randomly the web I found, or better remembered a Secure Mail Service provided by safe-mail.net, and as my usual Paranoia I’ve done a Reverse DNS Lookup, and result is truly curious..

Name Server: EGOZ.GALIAD.CO.IL (has 109 domains)
Name Server: NS.BARAK.NET.IL (has 2,622 domains)
Name Server: NSA.SAFE-MAIL.NET

and..

Server Type: Apache/2.0.54 (Fedora)
IP Address: 213.8.161.230

IP Location    Israel – Tel Aviv – Tel Aviv – Smile Internet Gold

Name Server comes from NSA and Server comes from Israel, strange you don’t think?

See you to the next post.. :)


Follow

Get every new post delivered to your Inbox.