digg

Facebook Connect Join Digg About

Girlfriend Discovers a DoS Vulnerability in Gaim

thesamet.com A trivial "DoS vulnerability" accidentally discovered in Gaim allows anyone to make your system unresponsive.

Who dugg this? Made popular Feb 23, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

94 Comments

show profanity settings
expand all
  • grexeo, on 10/12/2007, -14/+127Of course, it's much better to use closed-source software and just pretend bugs don't exist!
  • osc1882, on 10/23/2007, -5/+101LOL. Leave it to a girl to wreck a computer with out even trying. * ducks for cover *
  • implied, on 10/12/2007, -1/+73Digg.com has discovered a DoS vulnerability in this website.
  • wynd, on 10/12/2007, -8/+62Turn off graphical smileys?
  • mastercheif, on 10/12/2007, -3/+49The Moral of the story, don't piss off your girlfriend if you don't want zero day exploits to be run on your instant messaging protocol.
  • chicken101, on 10/12/2007, -7/+50You need to show your girlfriend that she has a vulnerability in her pants.

    *also ducks for cover*
  • inactive, on 10/12/2007, -1/+38LOL actually I'm just talking out my ass with the above claim; I have no idea. Just thought I'd throw a 'witty' comment out there and see how many people believed what I was saying! :)
  • inactive, on 10/12/2007, -5/+34That was a bug in the client, not the protocol stack.
  • inactive, on 10/12/2007, -1/+28someone explain why the "girlfriend" bit was worth telling people?
  • RoosterSoap, on 10/12/2007, -1/+24Am I the only one who saw girlfriend and denial of service and immediately had a bad high school flashback.
  • davidrools, on 10/12/2007, -0/+19http://www.thesamet.com.nyud.net:8080/blog/2007/02/22/girlfriend-discovers-a-dos-vulnerability-in-gaim/

    coral cache got it.
  • slipfish, on 10/12/2007, -1/+19Digg discovers a DoS Vulnerability in submitters server.
  • wisam, on 10/12/2007, -9/+25"This Account Has Exceeded Its CPU Quota"

    Account suspended after 35 diggs.
    Let's see how many will digg this story without even reading it
  • MasteRR, on 10/12/2007, -2/+17"@theone3
    Heres an idea, if you are unhappy with the holes in open source code, get off your ass, quit ya bitching and fix it yourself. That is the point of open source. If you don't like it, change it."

    Something a little more useful for those that are not coders:
    Submit bug reports. Bugs don't get fixed if no one reports them.
  • tsk1979, on 10/12/2007, -4/+19Next headline, Boyfriend discovers imaginary girlfriends on digg can fry servers
  • Wootery, on 10/12/2007, -0/+15@chicken101

    It's not a bug, it's a feature!
  • inactive, on 10/12/2007, -3/+17duh cause girls belong in the kitchen and NOT on my ***** computer!
  • firstdueco41, on 10/12/2007, -1/+14Yeah! I miss the old days when you had to guess what a smiley was...

    =:-&~~

    Ya baby...it's the rabid bunny rabbit!
  • Sp4nk, on 10/12/2007, -2/+13You guys do realize people can click the link without digging the story, right? Using the number of diggs as the only reference to how much traffic a site receives is simply ignorant.
  • jambarama, on 10/12/2007, -0/+10What schestowitz is talking about was a real thing, it was called the "ping of death." It affected GNU/Linux, Windows, Mac OS, printers, routers--basically everything. A malformed ping would crash or hang the whole system. You could (and still can) grab someone's IP from an IM client, but it is likely the IP publicly shown is a router or something. Anyhow, this has been fixed for more than a decade, and it wasn't Windows only.

    http://en.wikipedia.org/wiki/Ping_of_death
  • plagiats, on 10/12/2007, -0/+8http://www.thesamet.com.nyud.net:8090/blog/2007/02/22/girlfriend-discovers-a-dos-vulnerability-in-gaim/
    (nb: official yahoo messenger client avoids that by disabling graphic smileys after a given number : the first five appear graphical, then only text appears.)
  • wisam, on 10/12/2007, -3/+11Tried it on Gaim 2.0.0 beta 3.1 and nothing crashed. Maybe it's a bug in the stable release.
    And yes, I have myself on my own buddy list, how sick is that? :)
  • Wootery, on 10/12/2007, -1/+8@kb
    "quit ya bitching and fix it yourself"
    "because you can and you believe there is something to be fixed."

    I love FOSS as much as the next diggger, but you seem to think that so long as a project is open-source, it doesn't matter how much ass it sucks, you still can't say "This project sucks a great deal of ass".

    Just because people are given the freedom to improve it doesn't make criticism any less valid.
  • jm1234567890, on 10/12/2007, -1/+7oops
  • spadgos, on 10/12/2007, -2/+8he said he could kill gaim from the command line, so i'm assuming linux.
  • Hubris, on 10/12/2007, -2/+7I thought a Denial of Service didn't happen so much when you had a girlfriend, but started happening more often once you were married....
  • Myko, on 10/12/2007, -1/+6theone: I didn't think he was being overly apologetic for the developers, but giving helpful advice on how to protect yourself in the interim from the problem...
  • MasteRR, on 10/12/2007, -0/+5A bug can be exploited and used as a DoS attack. This could be used in that way. I would say it's a bug thats a DoS vulnerability.
  • bkool, on 10/12/2007, -0/+5cause if he had just called her a "friend" she probably would have DOSed him again.
  • idonthack, on 10/12/2007, -1/+5Why is spadgos getting buried?
  • code_of_life, on 10/12/2007, -0/+4Also try dragging a big JPEG into a chat window, Gaim will ask you if you want to set it as the buddy icon. If you mistakedly click on OK....BOOM your machine is down for the count.
    You will need to go into your gaim profile folder and delete the largest jpeg you find to bring things back to normal.
  • inactive, on 10/12/2007, -1/+5Gaim 2 beta 3.1 on Linux slows down and cpu goes way up but does not hang or crash either. Not a dualcore, P4.
  • GMorgan, on 10/12/2007, -5/+8AOL itself is an exploit. Make good coasters and frizbees though.
  • nottheonlychris, on 10/12/2007, -0/+3It does it on Windows Live Messenger too, maybe its just the way MSN network handles things but I'm not sure, I haven't tried it with other IM services.

    Me and my friends spammed each other to hell, we had to leave Messenger open (not responding @ 100% CPU) for like half an hour while it loaded all those emoticons and became respondent again. (It didnt help that MSN recieves messages when you first crash and go offline)
  • loconet, on 10/12/2007, -0/+3Workaround: get rid of girlfriend.
  • coredump0x01, on 10/12/2007, -1/+3Not working against Gaim 2.0 beta. It shuddered for a split second when I pasted it in but that was it, CPU usage is 0 for gaim.
  • computerdude33, on 10/12/2007, -3/+5So, this is a Gaim problem, not libgaim, right?

    *ducks for cover behind Adium*
  • shoota, on 10/12/2007, -0/+2same bug can be gotten by copying and pasting animated smilies to send in a message.
  • reject, on 10/12/2007, -2/+4All I really need is to know the basics of the story to Digg it. Yeah, I'm one of those, "RFTA," whores, but I like the spread of information, and if someone else finds the time/need to read the entire article, then they're welcome to it-- my Digging ***** just makes it easier for them to find the article, by giving it more Diggs.
  • jellygraph, on 10/12/2007, -2/+4DoS or merely a bug? I think calling it a DoS is almost a bit much.
  • djekz, on 10/12/2007, -0/+2I have found that GAIM on Linux never crashes on me. GAIM 2.0.0Beta3 on windows though I frequently have to kill it with task manager. I haven't noticed this as much with Beta6, but the windows version of GAIM has always been glitchy for me.
  • nesibus, on 10/12/2007, -0/+2He should have taken that as a sign to get a real girlfriend off of the internet.
  • ahmerhussain, on 10/12/2007, -0/+2Wouldn't this affect Adium as well? Since it uses libGaim?
  • f4st4word, on 10/12/2007, -2/+4Revealing pictures of your girlfriend, or it didn't happen
  • nakile, on 10/12/2007, -1/+3Am I the only one to misread that as "Garfield?"
    Garfield discovers a DoS Vulnerability in Gaim.
  • Bleeblaow, on 10/12/2007, -1/+2kb0x "because you can and you believe there is something to be fixed. "

    Wrong. He does not BELIEVE there is something to be fixed. There is something to be fixed. The project developers for gaim should fix it. Of course, it is quite possible that they have no idea the bug exists, but you sound like a fool by implying that it could be an OPINION/BELIEF that this is a bug. Plain and simple, it's a bug. Nobody uses software with the expectation that it can lock up your system via a simple exploit.
  • inactive, on 10/12/2007, -1/+2Actually saying that.. if you load Amsn disable smileys and paste over 10,000 smileys in your chat window, then press ctrl+up arrow and enter a few times you can easly crash windows live messenger or any msn messenger.

    Its a good defense when someone keeps adding you to a group conversation
  • Lane, on 10/12/2007, -1/+2why is it so important that he mention is right hand in the title?
  • WetSplatter, on 10/12/2007, -0/+1Nice, now everyone in the office who uses GAIM can't stay connected to messenger services , nice find
  • Fetching more discussions...
    Show 51 - 95 of 95 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.