Skype Network Remote DoS Exploit

2007.08.21

Credit: Valery Marchuk

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-4429

CWE: CWE-noinfo

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Partial

Hi all!
On SecurityLab.ru forum an exploit code was published by an anonymous user.
Reportedly it must have caused Skype massive disconnections today.
The PoC uses standard Skype client to call to a specific number. This call
causes denial of service of current Skype server and forces Skype to
reconnect to another server. The new server also "freezes" and so on ... the
entire network.
Liks: http://www.securitylab.ru/news/301422.php
PoC: http://en.securitylab.ru/poc/301420.php
Best regards,
Valery Marchuk
www.SecurityLab.ru

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Skype Network Remote DoS Exploit

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.