What do you think of Gadu-Gadu...

Discussion in 'Archive: Poland' started by Chimpo_the_Sith, Dec 16, 2003.


What do you think of Gadu-Gadu...

Poll closed Mar 25, 2012.
  1. Great: 10.7%
  2. Good: 32.1%
  3. It's OK: 28.6%
  4. Poor: 3.6%
  5. Cr...: 25.0%
Thread Status:
Not open for further replies.
  1. DarthRumcajs

    DarthRumcajs Jedi Padawan star 4

    Registered:
    Jun 29, 2003
    Exactly, Fizyk, I agree, ICQ is "debest" :)
     
  2. Master_Thon

    Master_Thon Jedi Padawan star 4

    Registered:
    Jul 24, 2003
    Set up some kind of toilet here... because I need to pee :p
     
  3. _DantE_

    _DantE_ Jedi Youngling star 1

    Registered:
    Sep 30, 2003
    Today the GG server went down yet again. :( :mad:
    But the ads in GG are still showing. [face_devil]
     
  4. Darth_Fizyk

    Darth_Fizyk Jedi Knight star 5

    Registered:
    Jul 10, 2003
    yes, the ads are there [face_devil] but there are no conversations...
     
  5. DarthRumcajs

    DarthRumcajs Jedi Padawan star 4

    Registered:
    Jun 29, 2003
    WATCH OUT FOR HOLES IN GG !!

    Product: Gadu-Gadu, most of all available versions (including the latest one)
    Vendor: SMS-EXPRESS.COM (http://www.gadu-gadu.pl)
    Impact: Several vulnerabilities within application allow for remote execution of arbitrary code and information stealing
    Severity: Critical
    Authors: Blazej Miga <bla man poznan pl>, Jaroslaw Sajko <sloik man poznan pl>
    Advisory: http://www.man.poznan.pl/~security/gg-adv.txt


    [ISSUE]

    Gadu-Gadu is the first Polish instant messenger used by ca. 3 million
    people per month.

    Several vulnerabilities were discovered ranging from heap and stack
    overflows, integer overflows and directory traversal to incorrect
    filtering of html script code. These vulnerabilities can lead to remote
    execution of arbitrary code, stealing of user data (contact list,
    password, etc...) or application crash.

    All of these vulnerabilities can be exploited on a default configuration
    of Gadu-Gadu application.


    [DETAILS]

    Bug 1.
    There is a parsing error in the code portion responsible for the analysis
    of 'http:' and 'news:' hrefs embedded in sent messages. This bug can be
    exploited to inject '<a>' tag with code or a reference to it into HTML
    code displayed by the application. The attacker can send malicious code
    or reference to a file with code (see Feature 0 described below). If
    properly exploited, code will be executed when the window with message
    pops up. Code will execute in LOCAL ZONE!

    Bug 2.
    Some strange kind of feature. Gadu-Gadu client allows users to connect to
    the server via http proxy, but because there is no server authentication
    any proxy server can send any packet. This combined with a Feature 1
    (described below) allows for the remote code execution for http proxy
    administrators or other men in the middle attacks. All WITHOUT user
    knowledge!

    Bug 3.
    Exploiting the dcc connections feature (Feature 2) and the ctcp packets
    (ctcp with special values, 1 as type and 4 as subtype) you can get file
    from _cache directory of your friend, without his knowledge! But, because
    there is directory traversal error you can get any file, ie.
    '..\Ja\config.dat' where the password is stored. User is NOT notified
    about that by Gadu-Gadu application.

    Bug 4.
    There is a buffer overflow in the code portion handling sending of images.
    This is a stack overflow which can be triggered by a specially crafted
    filename. Successful exploitation can lead to stack frame overwrite and
    arbitrary code execution. This bug works with the newest build of the
    program.

    Bug 4b.
    In addition there is also a heap overflow. This bug is probably the same
    as the one found by Lord YuP in September this year, but it still works
    with the newest program build!

    Bug 5.
    There is some kind of bug while reading the config file. Even if the
    "image send" option is disabled (by default it is) you can still send
    small images, up to 100 bytes. This bug combined with bug number 4 allows
    the attacker to send malicious packet with arbitrary code to any user who
    has the attacker's uin on his contact list (even to the users who have
    "image send" option disabled).

    Bug 6.
    Another vulnerability related to image sending relies on the fact that an
    image can be divided into packets and sent one by one, but the code
    responsible for assembling files does a strange comparison. If the length
    of received data is not equal to the expected length of file to receive,
    the receive loop is not terminated. Attacker has full control over the
    length values as they are retrieved directly from the received packets. So
    there is another heap overflow, maybe this is that bug which Lord YuP
    found, who knows, but because the file can be long, there is a lot of
    space for the shellcode. This bug works with the newest version.

    Bug 7.
    There is also an integer overflow vulnerability which can be triggered in
    a code portion responsible for the file receival through dcc. It is caused
    by the fact that file length is fetched directly from the user packet and
    it is compared to some maxlen value w
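
Bug 6 in the advisory quoted above describes a reassembly loop that ends only when the received length equals the length announced in the packets. The following C code is an added example, not part of the original post or of Gadu-Gadu's code; `img_rx`, `img_rx_begin`, `img_rx_append` and `IMG_MAX_BYTES` are hypothetical names, and it shows a reassembly routine that bounds every fragment against the announced total.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IMG_MAX_BYTES (256u * 1024u) /* assumed policy cap, not from the advisory */

enum rx_status { RX_MORE, RX_DONE, RX_REJECT };

struct img_rx {          /* hypothetical reassembly state */
    uint8_t *buf;        /* destination buffer owned by the caller */
    size_t expected;     /* total length announced by the sender */
    size_t received;     /* bytes copied so far; never exceeds expected */
};

/* Accept the sender-announced length only if it fits the policy cap and the buffer. */
enum rx_status img_rx_begin(struct img_rx *rx, uint8_t *buf, size_t cap,
                            size_t announced)
{
    if (announced == 0 || announced > IMG_MAX_BYTES || announced > cap)
        return RX_REJECT;
    rx->buf = buf;
    rx->expected = announced;
    rx->received = 0;
    return RX_MORE;
}

/* Append one fragment. A loop that only stops when received == expected keeps
 * copying once a fragment steps past the announced total. Here each fragment is
 * checked against the space that remains before it is copied; the subtraction
 * cannot wrap because received <= expected always holds. */
enum rx_status img_rx_append(struct img_rx *rx, const uint8_t *frag, size_t len)
{
    size_t remaining = rx->expected - rx->received;
    if (len == 0 || len > remaining)
        return RX_REJECT; /* caller drops the whole transfer */
    memcpy(rx->buf + rx->received, frag, len);
    rx->received += len;
    return rx->received == rx->expected ? RX_DONE : RX_MORE;
}

int main(void)
{
    uint8_t buf[16], frag[8] = {0}; /* constructed sample data */
    struct img_rx rx;
    if (img_rx_begin(&rx, buf, sizeof buf, 10) != RX_MORE) return 1;
    if (img_rx_append(&rx, frag, 8) != RX_MORE) return 1;
    /* 8 more bytes would pass the announced 10: must be refused */
    return img_rx_append(&rx, frag, 8) == RX_REJECT ? 0 : 1;
}
```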
     
  6. handzik

    handzik Jedi Master star 5

    Registered:
    Aug 20, 2002
    Looks like GG has gone belly up. again. once more. yet another time.

    [face_cow]
     
  7. Darth_Fizyk

    Darth_Fizyk Jedi Knight star 5

    Registered:
    Jul 10, 2003
    no... it works for me
     
  8. handzik

    handzik Jedi Master star 5

    Registered:
    Aug 20, 2002
    I don't know whether it's GG acting up or my computer, the net, whatever, but lately I send messages on GG and get no reply to them :( and somehow I find it hard to believe that Aiden, Thon, Herbu and all the rest are ignoring me here so shamelessly :p
     
  9. Jag__Fel

    Jag__Fel Jedi Padawan star 4

    Registered:
    Feb 8, 2004
    Hmmm... and when will you have permanent internet access ??
     
  10. Master_Thon

    Master_Thon Jedi Padawan star 4

    Registered:
    Jul 24, 2003
    The only thing that reached me on GG today was your question asking whether your messages are getting through :).

    GG is acting up somehow, because I think several people have already written something to me and it didn't get through either. Besides, I'm often not at the computer because I'm studying for the matura ;) and anyway my computer is locked [face_plain].

    So it's best to contact me by e-mail :).

    After May 9, when these matura exams are over, I should be online more often...
     
  11. Darth_Fizyk

    Darth_Fizyk Jedi Knight star 5

    Registered:
    Jul 10, 2003
    Well, I didn't get anything, but I wasn't at the computer over the weekend.
    By the way... Handzik, use ICQ :D
     
  12. handzik

    handzik Jedi Master star 5

    Registered:
    Aug 20, 2002
    ICQ sux!! and I should have a permanent connection sometime next week :D
     
  13. Jag__Fel

    Jag__Fel Jedi Padawan star 4

    Registered:
    Feb 8, 2004
    Now tell us you'll be online all the time :p that it'll be possible to talk to you normally :D and and and that the parties and group chats on GG will come back :p
     
  14. Chimpo_the_Sith

    Chimpo_the_Sith Jedi Knight star 5

    Registered:
    Mar 15, 2003
    I have a question: is GG not working for you either, or am I the only one this lucky :mad:
     
  15. Fault_Fett

    Fault_Fett Jedi Padawan star 4

    Registered:
    Apr 13, 2004
    Roger - Roger, it works in Eastbourne :)
     
  16. Darth_Fizyk

    Darth_Fizyk Jedi Knight star 5

    Registered:
    Jul 10, 2003
    It works in Ottery St Mary too
     
  17. Master_Thon

    Master_Thon Jedi Padawan star 4

    Registered:
    Jul 24, 2003
    It works in Swidnik as well :)
     
  18. handzik

    handzik Jedi Master star 5

    Registered:
    Aug 20, 2002
    it runs in sydney too :D
     
  19. Fault_Fett

    Fault_Fett Jedi Padawan star 4

    Registered:
    Apr 13, 2004
    In Komorow too :D :p
     
  20. Jag__Fel

    Jag__Fel Jedi Padawan star 4

    Registered:
    Feb 8, 2004
    And in Warsaw too :p
     
  21. DarthRumcajs

    DarthRumcajs Jedi Padawan star 4

    Registered:
    Jun 29, 2003
    It runs in the "Outer Rim" too... or at least Kadu flies, because I don't have GG itself; another thing - Linux is the best, even KOTOR runs better for me than on that messed-up Windows :p
     
  22. Mefistofeles

    Mefistofeles Jedi Master star 4

    Registered:
    Jun 29, 2003
    it works in Tsabo too :p
     
  23. Darth_Fizyk

    Darth_Fizyk Jedi Knight star 5

    Registered:
    Jul 10, 2003
    And does it work in Chad?
     
  24. Loru

    Loru Jedi Youngling star 2

    Registered:
    Jan 6, 2004
    Rumcajs - and how do you launch games under Linux?? - because for now I have 2 systems, but once games start running on Linux I'm dumping Windows
     
  25. ShVagYeR

    ShVagYeR Jedi Youngling star 3

    Registered:
    Nov 22, 2003
    Supposedly the newest Aurox (11, I think) has a built-in application thanks to which Windows games run without problems.
     