Common Vulnerabilities and Exposures assigned an identifier CVE-2007-2195 to the following vulnerability:

aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.

References:
[1] http://www.securityfocus.com/bid/23583
[2] http://osvdb.org/39116
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557754

Reproducer:
[4] http://www.securityfocus.com/data/vulnerabilities/exploits/23583.c

I was unable to reproduce this issue based on [4]. The upstream bug report for another issue (CVE-2006-0138) mentions that this issue (CVE-2007-2195) doesn't exist anymore:
[5] http://sourceforge.net/tracker/?func=detail&aid=2921641&group_id=54091&atid=472655

But since I have been having issues reproducing the CVE-2006-0138 issue too:
[6] https://bugzilla.redhat.com/show_bug.cgi?id=821416#c1
someone more familiar with the amsn code should have a look at whether this is still an issue or not.

Note: It is hard to identify the relevant upstream SVN commit. Amsn v0.97 Changelog:
http://amsn.sourceforge.net/wiki/tiki-index.php?page=ChangeLog
mentions:

"Only for amsn-remote,fixed possible DoS attack, and make remote not reply to commands when it's not enabled, instead of waiting for authentication and parsing commands, which may lead to parse errors."

but I am not sure if this is the fix for the CVE-2007-2195 issue.

If, upon investigation / testing, you realize this issue is fixed already, feel free to close this report as invalid / notabug.