Home page logo

bugtraq logo Bugtraq mailing list archives

GOBBLES Reflection on the msn666 Hole
From: gobbles () hushmail com
Date: Sat, 15 Jun 2002 09:33:02 -0700

Hash: SHA1

On Thursday, June 13th, a mail appeared on the Bugtraq (do not confuse with Bugtraq.org) mailing list titled, 
"Sensitive IM Security - MSN Message Sniffing".  Someone brought it to our attention on IRC (greets to all our friends 
in #!GOBBLES, and all our friends who have been with us there), and we took a look at the code.

A few minute later, we sent the author email concerning the insecure sscanf() statement in his code, and suggested that 
he fix it (along with many other problems in the code).  His response: "There is no problem."  One of his friends, from 
underground.co.kr, suggested to us that this was an intentional feature, and that there had already been discussion of 
comprimising hosts, targetted from the IP's in the access_log's.

We then immediately wrote up an advisory/alert and sent it out to the mailing lists.  We received immediate criticism.  
This is expected however, for any of our actions.  We're doing a good job of making friends in this security world, 
although we are quite famous, and in the end that's really all that matters.

Soon, the author of the msn666 posted to the mailing lists stating "there is no problem", and also indicating that even 
if there was a bug, it woudln't be significant because no one will "use this as a server like apache or mysql", which 
is quite nonsensical to us.  It's a sniffer, not a daemon.  Look at the massive (in)security history with tcpdump -- 
again, not a daemon, but a process that can be _REMOTELY_EXPLOITED_.

After this dialouge, we quickly wrote up a second advisory, and published a fully working proof-of-concept exploit.  
And yet, the author continues to deny the existance of a bug.

Look, if it wasn't actually a "backdoor", and was just lame coding, we apologize for the statements we made, and will 
give your underground.or.kr friend hell for lying to us about your true motivations.  However, seeing as how you've 
handled it since then, it'll be hard to convince us that we're wrong -- logic is on our side.

As of today, the hole is still present in msn666.  Maybe it'll get patched.

GOBBLES Security
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com


  By Date           By Thread  

Current thread:
  • GOBBLES Reflection on the msn666 Hole gobbles (Jun 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]