SNS Advisory No.21

IP Messenger 1.41 Denial of Service Vulnerability

Problem first discovered: 10 Jan 2001
Published: 30 Jan 2001
Last Updated: 30 Jan 2001
_________________________________________________________________

Overview:

A vulnerability exists in IP Messenger 1.41, a popup-style messaging program based on TCP/IP, which causes a denial of service condition.

Problem Description:

When a great number of messages are received continuously, popup windows keep opening and consume system memory until all available system resources are exhausted on Windows 98. On Windows 2000, popup windows continue to open up to 1000 windows, and the system does not operate correctly unless the application is forcibly terminated.

[Fig1: denial of service condition on Windows 2000]

[Fig2: the rate of memory usage in denial of service condition]

The software uses port 2425/UDP to exchange messages by default. The same problem is reproduced if a malformed message is broadcast to the network. Chat software of this kind is typically used for quick communication, so it tends to be running on many hosts. A denial of service attack across the whole network is therefore possible if a malformed message is sent widely with spoofing.

Tested on:

Windows 2000 Professional (Japanese version)
Windows 98 (Japanese version)

Status of fixes:

This problem does not affect version 1.42, which is available at the site below. The maximum number of received messages is restricted by default, and the user can change it.
http://www.asahi-net.or.jp/~VZ4H-SRUZ/ipmsg-eng.html

Also, IP Messenger for Java 1.33, the version written in Java, has been fixed and is available from:

http://www.digitune.org/Java/IPMsg/

Disclaimer:

All information in these advisories is subject to change without advance notice or mutual consent, and each advisory is released as is. LAC Co., Ltd. is not responsible for any risks arising from the use of this information.
_________________________________________________________________

Copyright(c) 1995-2002 Little eArth Corporation
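The receive limit described under "Status of fixes", shown as an added example (not IP Messenger's code and not part of the original advisory): because the advisory notes that messages can be sent with spoofing, a per-sender quota does not bound the number of popups, while a global cap does. The class names, the constructed address lists and the default of 50 are assumptions.

```python
# Added illustration, not IP Messenger source code. All names are hypothetical.
from collections import Counter

DEFAULT_MAX_WINDOWS = 50   # assumed value; the advisory does not state the default


class PerSenderQuota:
    """Naive policy: at most `limit` open popups per source address."""

    def __init__(self, limit):
        self.limit = limit
        self.open_by_sender = Counter()

    def admit(self, src_ip):
        if self.open_by_sender[src_ip] >= self.limit:
            return False
        self.open_by_sender[src_ip] += 1
        return True


class GlobalWindowCap:
    """Policy in the spirit of the fix: cap the total number of open popups."""

    def __init__(self, max_windows=DEFAULT_MAX_WINDOWS):
        self.max_windows = max_windows
        self.open_windows = 0
        self.dropped = 0

    def admit(self, src_ip):
        # UDP source addresses can be forged, so the sender is not consulted.
        if self.open_windows >= self.max_windows:
            self.dropped += 1
            return False
        self.open_windows += 1
        return True

    def window_closed(self):
        # Called when the user dismisses a popup; frees one slot.
        self.open_windows = max(0, self.open_windows - 1)


def windows_opened(policy, source_addresses):
    """Count the popups a policy would open for a sequence of message sources."""
    return sum(1 for src in source_addresses if policy.admit(src))


# Constructed input: 5000 messages, each claiming a different source address.
SPOOFED = ["10.%d.%d.%d" % (i >> 16 & 255, i >> 8 & 255, i & 255) for i in range(5000)]
# Constructed input: 5000 messages that all claim the same source address.
SINGLE = ["10.0.0.1"] * 5000
```

With the per-sender quota every spoofed message still opens a window; with the global cap the count stops at the limit until the user closes one.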