CVE-2006-0138
Published 2006-01-09
Priority P4 · 22 · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 6.43% (92.8th percentile)
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).
No detection rules found.
Bugzilla
CVE-2006-0138 amsn: DoS (client hang, termination of client's IM session) via repeatedly sending crafted data to default file-transfer port
bugzilla·2012-05-14·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2006-0138 to the following vulnerability:
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0138
[2] http://www.osvdb.org/22186
[3] https://bugs.gentoo.org/show_bug.cgi?id=415861
[4] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557754
Reproducer:
[5] http://www.securiteam.com/exploits/5JP090KHFQ.html
Upstream ticket:
[6] http://sour
Bugzilla
CVE-2007-2195 amsn: DoS (client crash) via sending invalid data to TCP port 31337
bugzilla·2012-05-14·CVSS 5.0
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-2195 to the following vulnerability:
aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers to cause a denial of service (application crash) by sending invalid data to TCP port 31337.
References:
[1] http://www.securityfocus.com/bid/23583
[2] http://osvdb.org/39116
[3] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557754
Reproducer:
[4] http://www.securityfocus.com/data/vulnerabilities/exploits/23583.c
Discussion:
I was unable to reproduce this issue based on [4]. Upstream bug report for another (CVE-2006-0138) issue mentions this (CVE-2007-2195) issue doesn't exist anymore:
[5] http://sourceforge.net/tracker/?func=d
Bugzilla
CVE-2006-0138 amsn: DoS (client hang, termination of client's IM session) via repeatedly sending crafted data to default file-transfer port [fedora-all]
bugzilla·2012-05-14·CVSS 5.0
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodhi update