Red Hat Bugzilla – Bug 821416
CVE-2006-0138 amsn: DoS (client hang, termination of client's IM session) via repeatedly sending crafted data to default file-transfer port
Last modified: 2012-08-25 20:22:20 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2006-0138 to the following vulnerability:
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).
I have tried to test / reproduce this issue on Fedora-15 / Fedora-16 versions (based on ), but was unable to reproduce it, because according to aMSN -> Account -> Preferences -> Connection tab -> "File transfer, peer-to-peer and NAT settings" and the "Test port" button, my connection is:
"You are firewalled or behind a router"
thus running the ./dos.pl from  returns 'Connection refused' for me. But since there doesn't seem to be an upstream patch for this issue yet, I would say Fedora-15 and Fedora-16 amsn package versions are still vulnerable to this issue.
Please schedule an update once there is a final upstream patch version available.
Created amsn tracking bugs for this issue
Affects: fedora-all [bug 821435]
amsn-0.98.9-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.