[VOIPSEC] [Voptalk] Sample exploit code associated with the skype service disruption

Raul Siles raul.siles at gmail.com
Wed Aug 22 07:27:21 CDT 2007


Please find below some additional details and pointers from the
Securiteam blog:
http://blogs.securiteam.com/?p=983

Just for the record, new Windows Skype version on August 17, 2007 (3.5.0.214):
http://www.skype.com/download/skype/windows/

The truth is out there! ;)
Raul Siles


On 8/20/07, Raul Siles <raul.siles at gmail.com> wrote:
> Hi Peter,
> Skype's explanation is very different... Windows updates!
>
> http://isc.sans.org/diary.html?storyid=3292
> http://heartbeat.skype.com/2007/08/what_happened_on_august_16.html
>
> The truth is out there! ;)
> Raul
>
> On 8/20/07, Peter Thermos <peter.thermos at palindrometech.com> wrote:
> > It appears that last week's Skype service disruptions are associated with a
> > malformed address URI submitted by a Skype client. Sending a long malformed
> > URI cripples the Skype server, which causes the Skype client to reconnect to
> > the next Skype server and submit the same query, which has the same effect.
> > In essence the attacker can traverse the list of Skype servers and disrupt
> > the entire Skype network.
> >
> > Here is the link to the code.
> > http://en.securitylab.ru/poc/extra/301419.php
> >
> > Does anyone have any additional info on this?
> >
> > Peter
