[prev in list] [next in list] [prev in thread] [next in thread] 

List:       voptalk
Subject:    [Voptalk] FW: Sample exploit code associated with the
From:       peter.thermos () palindrometech ! com (Peter Thermos)
Date:       2007-08-20 17:26:53
Message-ID: 3BBB31AF120F44FEB0F012C440A43B78 () Archimedes
[Download RAW message or body]

Perhaps they are trying to hide the real cause of the issue this time.
But I'm sure there will be others in the future.

Although vulnerabilities associated with malformed messages is not something
new there seems to be too much "coincidence" between the availability of the
exploit and the outage.

At the same time there isn't enough evidence to clarify the issue.

Peter 

> -----Original Message-----
> From: voptalk-bounces at lists.vopsecurity.org 
> [mailto:voptalk-bounces at lists.vopsecurity.org] On Behalf Of 
> support at sjobeck.com
> Sent: Monday, August 20, 2007 11:51 AM
> To: voptalk at lists.vopsecurity.org
> Subject: [Voptalk] FW: Sample exploit code associated with 
> the skypeservicedisruption
> Sensitivity: Private
> 
> Dear All,
> 
> Skype is lying.
>  
> Jason Sj?beck
> 
> 
> 
> -----Original Message-----
> From: voptalk-bounces at lists.vopsecurity.org
> [mailto:voptalk-bounces at lists.vopsecurity.org] On Behalf Of Raul Siles
> Sent: Monday, 2007 August 20 08:45
> To: peter.thermos at palindrometech.com
> Cc: voipsec at voipsa.org; voptalk at vopsecurity.org
> Subject: Re: [Voptalk] Sample exploit code associated with 
> the skype servicedisruption
> 
> Hi Peter,
> Skype's explanation is very different... Windows updates!
> 
> http://isc.sans.org/diary.html?storyid=3292
> http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html
> 
> The truth is out there! ;)
> Raul
> 
> On 8/20/07, Peter Thermos <peter.thermos at palindrometech.com> wrote:
> > It appears that lasts week's Skype service disruptions are
> associated 
> > with a malformed address URI submitted by a Skype client. Sending a 
> > long malformed URI cripples the Skype server which causes the Skype 
> > client to reconnect to the next Skype server and submits the same
> query which has the same effect.
> > In essence the attacker can traverse the list of Skype servers and 
> > disrupt the entire Skype network.
> >
> > Here is the link to the code.
> > http://en.securitylab.ru/poc/extra/301419.php
> >
> > Does anyone have any additional info on this?
> >
> > Peter
> >
> > _______________________________________________
> > - The VoPSecurity Forum -
> >
> > To post a message to the mailing list send an email to [ 
> > voptalk_at_lists.vopsecurity.org ]
> >
> _______________________________________________
> - The VoPSecurity Forum -
> 
> To post a message to the mailing list send an email to [ 
> voptalk_at_lists.vopsecurity.org ] 
> 


[prev in list] [next in list] [prev in thread] [next in thread]