Girlfriend Discovers a DoS Vulnerability in Gaim

It will probably be hard for you to believe, but my girlfriend discovered a DoS vulnerability in Gaim. No, don’t worry. She is not a computer geek (One in a relationship is certainly enough). The story of my girlfriend’s important discovery goes like this:

I was chatting with her some days ago using Gaim (she uses MS Messenger). At some point, she had sent me the following attack vector:

:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(

As she deeply disliked something I had said to her …

Gaim replaced each “:(” with a sad animated 🙁 emoticon. For some mysterious reason, a few dozen sad emoticons made Gaim choke. CPU usage was at 100% and the system felt highly unresponsive. It was impossible to use Gaim at all.

Luckily, I was able to kill Gaim from the command line. I started it again hoping for the best; however, when I opened the chat window again, the attack vector was still there (retrieved from the logs) and Gaim choked yet again. I had to manually remove the last few lines from the log files so I’d be able to speak with her again.

To make a long story short, my girlfriend is now happy again.

Note: This episode of Thesamet.com was recorded 10 days ago, when Gaim developers were notified of this.

Clarification: For some reason, some people consider this to be a chauvinistic post. My girlfriend is a very intelligent person, she is not interested in software security. We were both surprised that she unintentionally discovered this. That’s it.

P.S.: The first paragraph of this post was written by her. She said it will help it to “do well on digg”.
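
A defensive sketch for the failure described in the post, added here as an example and not Gaim's own code: every emoticon is charged against a per-window budget, so only a few animate, some render as static images and the rest stay as text, and messages replayed from the log go through the same accounting. The limits, the emoticon table and all function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ANIMATED 8    /* assumed: animations allowed per window */
#define MAX_IMAGES   64   /* assumed: total emoticon images per window */

typedef struct { int animated, stills, as_text; } render_plan;

/* Constructed emoticon table, not Gaim's theme data. */
static const char *const EMOTES[] = { ":(", ":)", ";)", ":P" };

/* Length of the emoticon token starting at s, or 0 if none. */
static size_t match_emote(const char *s) {
    for (size_t i = 0; i < sizeof EMOTES / sizeof EMOTES[0]; i++) {
        size_t n = strlen(EMOTES[i]);
        if (strncmp(s, EMOTES[i], n) == 0) return n;
    }
    return 0;
}

/* Account for one line against the window-wide budget in *p. */
void plan_line(render_plan *p, const char *line) {
    while (*line) {
        size_t n = match_emote(line);
        if (n == 0) { line++; continue; }
        if (p->animated < MAX_ANIMATED) p->animated++;
        else if (p->animated + p->stills < MAX_IMAGES) p->stills++;
        else p->as_text++;          /* over budget: leave ":(" as text */
        line += n;
    }
}

/* Constructed sample: 5 lines of 34 ":(" each, as if replayed from a log. */
render_plan replay_sample(void) {
    char line[2 * 34 + 1] = "";
    render_plan p = {0, 0, 0};
    for (int i = 0; i < 34; i++) strcat(line, ":(");
    for (int i = 0; i < 5; i++) plan_line(&p, line);
    return p;
}

int main(void) {
    render_plan p = replay_sample();
    printf("animated=%d stills=%d text=%d\n", p.animated, p.stills, p.as_text);
    return 0;
}
```

Because the budget is kept per window rather than per message, reopening a conversation whose history contains the flood costs no more than the first display did.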


66 Responses to Girlfriend Discovers a DoS Vulnerability in Gaim

  1. Aldoliel says:

    It works with the animated bat icons as well. I would wager it’s something to do with the image rendering library on which gaim depends, but that’s just me.

  2. Nadav Samet says:

    That’s probably it. By the way, on which platform have you tried it?

  3. Daniel says:

    Back in the bad old days (before I quit using Microsoft) I used to do this to my friends on MSN Messenger. A single message wouldn’t have the effect you described, but you could keep spamming smilies at them and they’d go completely unresponsive.

  4. Samuel Blowes says:

    What did you say to make her so unhappy that she DoS’d you?

  5. Vishal Arya says:

    some one needs to get a faster machine and more ram.
    or
    find a gf that does not DoS you when she is sad

    good news is it was not a DDoS….imagine if u had many gf’s sad then it would have been Distributed DoS attack

  6. Tim says:

    Quick fix (if you haven’t figured it out already): Turn off graphical emoticons.

    I never liked them anyway. My philosophy is that IM and email should only contain links and text, not graphics.

  7. Kirill says:

    Amazing, but Skype is not vulnerable. I’ve checked it with my girlfriend, and Skype shows no more than a few tens of emoticons animated (others are stuck on first frame forever).

  8. Ducky says:

    Two comments:
    * Does not seem to kill Gaim 2 (beta) on Debian 4.0 (testing)
    * “One [geek] in a relationship is certainly enough” – Speak for yourself, buddy! =D (or perhaps: perl -e 'print "=P" x 200' 😉

  9. Monkeyget says:

    MSN Messenger has a similar problem, except that it doesn’t choke on smileys, it chokes on text…

    When you send relatively big text messages, Messenger takes 100% of the processor for quite some time.

    I first noticed that when I made a bot which worked as a remote console through instant messaging. When I did an ls it would take an awful lot of time to display. I thought that it was probably the service I used to create the bot, which was located in China. But no, it was just Messenger choking.

    It took ten times as much time for Messenger to display the received message as it took to send the message, which is quite a feat since each request travelled like this: Europe -> China -> Europe -> China -> Europe.

    They have solved the problem : now the text is truncated…

  10. nabby says:

    maybe the real lesson is you should be nicer to your girlfriend. 🙂

  11. keef says:

    At least they would have a reason to be unhappy 🙂

  12. Jared says:

    I suspect this has something to do with the general performance of anything Java in Windows.

  13. thesamet says:

    Sometimes my sense of humor can’t be translated properly to IM. 🙂

  14. snork says:

    There are worse DoS’s you can get from your girlfriend

  15. Brian Klug says:

    “It will probably be hard for you to believe, but my girlfriend discovered a DoS vulnerability in Gaim.”

    Why would that be hard to believe? This implies you believe women are unlikely to find DoS vulnerabilities. This makes you a chauvinistic pig.

  16. Matthew Brady says:

    Cool Story Hansel!

  17. martoq says:

    Don’t be a tool.

    You immediately assume the worst, when for all you know, his girlfriend is completely computer illiterate so he was surprised that she of all people found this. If we could all be as perfect as you on our high horses, the world would be a better place I would imagine…sarcasm.

  18. David says:

    Whew! Good thing Gaim isn’t written in Java!

    http://sourceforge.net/projects/gaim/

  19. N says:

    Any self-respecting geek would have graphical smileys turned off. There are just too many cases where you copy/paste code and it converts it to smileys. 🙂 🙂 🙂

  20. Steven Gray says:

    Yeah the same happened to me a few weeks back … see the post on my blog at:

    http://frogo.co.uk/archives/2007/the-king-of-the-emoticons-strikes-again/

    Funny funny stuff 🙂

  21. lf says:

    I’d stop responding too if you kept sending nothing but smilies 😛

  22. Jon says:

    If you haven’t already, please please please submit this as a bug report. Bugs don’t get fixed if they are not reported and this is one that really needs to be fixed.

    http://sourceforge.net/tracker/?func=add&group_id=235&atid=100235

  23. Ross says:

    Yes he could have gotten one of those venereal DoS’s…..

  24. M says:

    Sorry, DoS, “attack vector” etc., etc., seems to be a bit overkill for what is nothing more than a bug, i.e. a boundary condition.

    Having done software development for a living I can speak all too well about boundary conditions and code that consumes too much CPU once you cross some threshold.

    So yeah I’m going to go attack GAIM users right now… let’s see, who can I attack? Um, yeah, nobody, since A) No one I IM with uses GAIM B) I can’t discriminate between GAIM and non-GAIM users C) I’m not talking to random people on the Internet via IM.

    This is a lot of hot air.

    -M

  25. towsonu2003 says:

    Not only are you stupidly sexist, you don’t really know how to publicize security vulnerabilities to the public. Please provide the link to the bug report as proof that you *really* notified the devels and to make it easy for us to follow the process. Oh, also, tell your girlfriend to read this story and dump you… thanks.

  26. Bill says:

    I have to agree with martoq there Brian. This is his personal blog – so he is probably posting this for people he knows to read and, since he knows them, they probably know his girlfriend.

    Even if he isn’t writing to them, he is writing from his perspective – one where he knows his girlfriend isn’t high on the list of potential vulnerability discoverers. My wife isn’t either – does that make me a chauvinistic pig for admitting it?

  27. th says:

    ROFL

    Anyway, for some reason my ex’s brother used to be able to crash ZoneAlarm by cutting and pasting his IM convos. Must’ve been something about his font/color settings that it didn’t like. Made for conversations with him rather annoying if he did it, had to reboot cause I’d lose network.

  28. Ed says:

    There’s one better than this, you don’t even have to send emoticons, but by using Kopete and communicating to a user using Windows Messenger, by sending a large packet, you can crash them.

    Something as simple as:
    /exec -o xxd /usr/bin/vi

    The best bit is, nobody knows it was you. To kill the flood, just ps killall xxd (or kill the pid).

    I’ve not managed to isolate what’s causing it as of yet, but I believe it might be something to do with the message block buffer.

  29. ray says:

    does not affect me much
    windows xp w/ 768mb RAM running gaim 2.0 beta 5

  30. Aldoliel says:

    On my old Xubuntu machine. It only takes seven or eight to really slow things down.

    Both Gaim 1.5 and 2.0 seem to come down with it, I end up just turning off the graphical emoticons.

  31. Han says:

    “She is not a computer geek (One in a relationship is certainly enough).”

    What’s wrong with two geeks in a relationship!? It’s useful when you’ve got someone to debug things for you!

  32. thesamet says:

    I’ve updated the post with some more clarifications.

  33. Pingback: » Blog Archive » Un ataque a linux via Gaim descubierto por accidente

  34. AnotherBUGYourGirlfriendHasNotFoundYet says:

    Also try dragging a big JPEG into a chat window, Gaim will ask you if you want to set it as the buddy icon. If you mistakenly answer yes….BOOM your pc is down for the count.
    You will need to go into your gaim profile folder and delete the largest jpeg you find to bring things back to normal.

  35. Benjamin says:

    Wow, towsonu2003 you really need to let up on this guy a little bit. He posted a mildly amusing bug that his (I’m assuming) not-so-tech-savvy girlfriend discovered while IM’ing with him.

    My girlfriend would be stoked if I blogged about her discovering something on the computer that I didn’t, and even happier if it got dugg. Somehow I doubt he’s hiding his blog from her, and I’m sure she knows what he said.

    Also, when did he say he was going to report the bug? You came very close to calling him a liar, because you didn’t seem to pay much attention or actually read the post.

    Try to act a little more educated next time.

  36. Somedude says:

    Yea, I’m using LINUX to run game and that ain’t happening.

  37. Ben says:

    It IS a weird title for this story.. people are used to reading headlines that relate to them. So by using the word girlfriend, it means she must have an important role in the story.. which she does not. She didn’t even discover it.

  38. Jason says:

    “Why would that be hard to believe? This implies you believe women are unlikely to find DoS vulnerabilities. This makes you a chauvinistic pig.”

    An observation regarding a specific individual hardly implies how one regards the entire gender.

  39. Adger Linux says:

    As they say it is the little things that can be a person’s or a product’s undoing.
    More than a few individual’s shadows or product vulnerabilities have been discovered by girlfriends just “poking around”

  40. BYE says:

    Doesn’t seem to affect Adium which uses GAIM libraries…

  41. towsonu2003 says:

    > “The first paragraph of this post was written by her. She said it will help it to “do well on digg”.”

    it doesn’t matter who wrote the crap. The crap is crap and *you* are responsible as its publisher. If your girlfriend wrote the crap, tell her to take a few women’s studies classes (to learn about internalized oppression), dump you (bc you agreed to publish crap about her), and get her own blog (to get a voice of her own).

    What’s done is done. Hopefully, next time you’ll be careful about what your fingers tell you to write.

    > also, as reply to “when did he say he was going to report the bug?”

    it is kind to report vulnerabilities to devels before making them public. The blog owner apparently knows this and says “This episode of Thesamet.com was recorded 10 days ago, when Gaim developers were notified of this.” But he still needs to give us a *source*, which, in this case, should be a link to the bug report, so we can *follow up* on what’s going on…

  42. Tyler says:

    Anyone who thought this post was “chauvinistic” is fucking retarded. No need for clarification, the story speaks for itself. Not to mention the fact that your girlfriend, herself, wrote the first paragraph. AM I THE ONLY ONE WHO GIVES A DAMN ABOUT THE RULES?!

  43. thesamet says:

    towsonu2003, I am sorry that you have found this post sexist. As I didn’t say (or mean to imply) anything about women in general, but only about my girlfriend, I don’t think there is room for this interpretation.

    Perhaps the combination of the headline I chose with the huge public attention the post generated can suggest that many people see it as curious that a woman discovers anything security related. But that’s society.

    I never claimed that I filed a bug report. The moment I found out about this, I immediately notified one of the developers by e-mail. I got a reply from him a few hours later.

  44. Adam Fortuna says:

    Nice. 🙂 I remember there used to be a similar hole in AIM where you could send someone a file with a specific name and it would crash that user’s AIM before they even had an idea that they were receiving something. You could do it to anyone on your list and no one would know.

  45. Drooling_Sheep says:

    GTK != Java

    Yes, the GTK widgets and the (whatever the default java graphical library is called…swing maybe) are both ugly as all get out, but they’re distinct.

  46. gutistg says:

    I think he might have been using intentional hyperbolic statements to a comical effect… lol.

  47. andy says:

    obviously you’re not a golfer

  48. Jim Davis says:

    That’s weird, you have got me curious now, I am definitely going to try it.
