Red Hat Bugzilla – Bug 821431
CVE-2007-2195 amsn: DoS (client crash) via sending invalid data to TCP port 31337
Last modified: 2012-05-14 09:21:17 EDT
Common Vulnerabilities and Exposures assigned the identifier CVE-2007-2195 to the following vulnerability:
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
I was unable to reproduce this issue based on . The upstream bug report for another issue (CVE-2006-0138) mentions that this issue (CVE-2007-2195) doesn't exist anymore:
But since I have been having issues reproducing the CVE-2006-0138 issue too:
someone more familiar with the amsn code should have a look at whether this is still an issue or not.
Note: Hard to identify relevant upstream SVN commit. Amsn v0.97 Changelog:
"Only for amsn-remote, fixed possible DoS attack, and make remote
not reply to commands when it's not enabled, instead of waiting
for authentication and parsing commands, which may lead to parse
but I am not sure if this is the fix for CVE-2007-2195 issue.
If, upon investigation / testing, you realize this issue is
already fixed, feel free to close this report as invalid / notabug.