Common Vulnerabilities and Exposures assigned an identifier CVE-2006-0138 to the following vulnerability:

aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0138
[2] http://www.osvdb.org/22186
[3] https://bugs.gentoo.org/show_bug.cgi?id=415861
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557754

Reproducer:
[5] http://www.securiteam.com/exploits/5JP090KHFQ.html

Upstream ticket:
[6] http://sourceforge.net/tracker/?func=detail&aid=2921641&group_id=54091&atid=472655
I have tried to test / reproduce this issue on Fedora-15 / Fedora-16 versions (based on [5]), but was unable to reproduce it, because according to aMSN -> Account -> Preferences -> Connection tab -> "File transfer, peer-to-peer and NAT settings" and the "Test port" button, my connection is: "You are firewalled or behind a router", thus running the ./dos.pl from [5] returns 'Connection refused' for me.

But since there doesn't seem to be an upstream patch for this issue yet, I would say Fedora-15 and Fedora-16 amsn package versions are still vulnerable to this issue. Please schedule an update once there is a final upstream patch version available.
Created amsn tracking bugs for this issue
Affects: fedora-all [bug 821435]
amsn-0.98.9-4.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.