It will probably be hard for you to believe, but my girlfriend discovered a DoS vulnerability in Gaim. No, don’t worry. She is not a computer geek (One in a relationship is certainly enough). The story of my girlfriend’s important discovery goes like this:

I was chatting with her some days ago using Gaim (she uses MS Messenger). At some point, she sent me the following attack vector:

:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(
:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(:(

As she deeply disliked something I had said to her …

Gaim replaced each “:(” with an animated sad :( emoticon. For some mysterious reason, a few dozen sad emoticons made Gaim choke: CPU usage went to 100% and the system became highly unresponsive. It was impossible to use Gaim at all.

Luckily, I was able to kill Gaim from the command line. I started it again hoping for the best; however, when I opened the chat window again, the attack vector was still there (restored from the logs) and Gaim choked yet again. I had to manually remove the last few lines from the log files so that I would be able to speak with her again.

To make a long story short, my girlfriend is now happy again.

Note: This episode of Thesamet.com was recorded 10 days ago, when Gaim developers were notified of this.

Clarification: For some reason, some people consider this to be a chauvinistic post. My girlfriend is a very intelligent person; she is not interested in software security. We were both surprised that she unintentionally discovered this. That’s it.

P.S.: The first paragraph of this post was written by her. She said it will help it to “do well on digg”.
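The symptom above (one message, a few dozen emoticon substitutions, unbounded rendering work, and the same cost again when the log is replayed) calls for a render-time bound. As an added example, not Gaim's own code, here is a message tokenizer that substitutes emoticons but animates at most a fixed number of them and leaves the rest as static first frames; the smiley table and the cap of 20 are assumptions.

```python
import re
from dataclasses import dataclass

# Constructed smiley table (assumption; Gaim's real theme files are not reproduced).
SMILEYS = {":(": "sad", ":)": "smile", "=P": "tongue"}
# Longest shortcuts first so a longer smiley is never shadowed by a shorter prefix.
_SMILEY_RE = re.compile(
    "|".join(re.escape(s) for s in sorted(SMILEYS, key=len, reverse=True))
)


@dataclass
class Token:
    kind: str          # "text" or "smiley"
    value: str         # literal text, or the smiley name
    animated: bool = False


def tokenize(message, max_animated=20):
    """Split a message into text and smiley tokens.

    Only the first `max_animated` smileys are marked as animated; any later
    ones render as a static first frame. Because the cap is applied when the
    message is rendered, it bounds the animation work for a flood of ":("
    whether the message arrives live or is replayed from the chat log.
    """
    tokens = []
    pos = 0
    animated_so_far = 0
    for m in _SMILEY_RE.finditer(message):
        if m.start() > pos:
            tokens.append(Token("text", message[pos:m.start()]))
        animate = animated_so_far < max_animated
        if animate:
            animated_so_far += 1
        tokens.append(Token("smiley", SMILEYS[m.group()], animate))
        pos = m.end()
    if pos < len(message):
        tokens.append(Token("text", message[pos:]))
    return tokens


def smiley_count(tokens):
    return sum(1 for t in tokens if t.kind == "smiley")


def animated_count(tokens):
    return sum(1 for t in tokens if t.kind == "smiley" and t.animated)
```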


52 Comments

Comment by Aldoliel
2007-02-22 11:35:29

It works with the animated bat icons as well. I would wager it’s something to do with the image rendering library on which gaim depends, but that’s just me.

Comment by Nadav Samet
2007-02-22 11:39:40

That’s probably it. By the way, on which platform have you tried it?

Comment by Aldoliel
2007-02-23 10:28:16

On my old Xubuntu machine. It only takes seven or eight to really slow things down.

Both Gaim 1.5 and 2.0 seem to come down with it, I end up just turning off the graphical emoticons.

 
 
 
Comment by Daniel
2007-02-22 11:55:44

Back in the bad old days (before I quit using Microsoft) I used to do this to my friends on MSN Messenger. A single message wouldn’t have the effect you described, but you could keep spamming smilies at them and they’d go completely unresponsive.

Comment by lf
2007-02-23 09:07:18

I’d stop responding too if you kept sending nothing but smilies :-P

 
 
Comment by Samuel Blowes
2007-02-22 12:00:40

What did you say to make her so unhappy that she DoS’d you?

Comment by thesamet
2007-02-22 18:12:35

Sometimes my sense of humor can’t be translated properly to IM. :)

 
 
Comment by Vishal Arya
2007-02-22 12:10:51

Someone needs to get a faster machine and more RAM.
or
find a gf that does not DoS you when she is sad

Good news is it was not a DDoS… imagine if you had many sad gfs, then it would have been a Distributed DoS attack

Comment by keef
2007-02-22 16:21:13

At least they would have a reason to be unhappy :)

 
 
Comment by Tim
2007-02-22 13:05:06

Quick fix (if you haven’t figured it out already): Turn off graphical emoticons.

I never liked them anyway. My philosophy is that IM and email should only contain links and text, not graphics.

 
Comment by Kirill
2007-02-22 13:08:27

Amazing, but Skype is not vulnerable. I’ve checked it with my girlfriend, and Skype shows no more than a few tens of emoticons animated (the others are stuck on the first frame forever).

 
Comment by Ducky
2007-02-22 14:10:10

Two comments:
* Does not seem to kill Gaim 2 (beta) on Debian 4.0 (testing)
* “One [geek] in a relationship is certainly enough” - Speak for yourself, buddy! =D (or perhaps: perl -e 'print "=P" x 200' ;)

 
Comment by Monkeyget
2007-02-22 15:11:25

MSN Messenger has a similar problem, except that it doesn’t choke on smileys; it chokes on text…

When you send relatively big text messages, Messenger takes 100% of the processor for quite some time.

I first noticed that when I made a bot which worked as a remote console through instant messaging. When I did an ls it would take an awful lot of time to display. I thought that it was probably the service I used to create the bot, which was located in China. But no, it was just Messenger choking.

It took ten times as much time for Messenger to display the received message as it took to send the message, which is quite a feat since each request travelled like this: Europe -> China -> Europe -> China -> Europe.

They have solved the problem: now the text is truncated…

 
Comment by nabby
2007-02-22 15:25:40

maybe the real lesson is you should be nicer to your girlfriend. :)

 
Comment by Jared
2007-02-22 16:43:35

I suspect this has something to do with the general performance of anything Java in Windows.

Comment by David
2007-02-23 06:47:16

Whew! Good thing Gaim isn’t written in Java!

http://sourceforge.net/projects/gaim/

 
Comment by Drooling_Sheep
2007-02-23 18:37:55

GTK != Java

Yes, the GTK widgets and the (whatever the default Java graphical library is called… Swing maybe) are both ugly as all get out, but they’re distinct.

 
 
Comment by snork
2007-02-22 18:30:19

There are worse DoS’s you can get from your girlfriend

Comment by Ross
2007-02-23 09:12:14

Yes he could have gotten one of those venereal DoS’s…..

 
Comment by tsh
2007-02-23 09:33:13

ROFL

 
Comment by th
2007-02-23 09:44:30

ROFL

Anyway, for some reason my ex’s brother used to be able to crash ZoneAlarm by cutting and pasting his IM convos. Must’ve been something about his font/color settings that it didn’t like. Made conversations with him rather annoying if he did it; I had to reboot because I’d lose network.

 
 
Comment by Brian Klug
2007-02-22 22:41:47

“It will probably be hard for you to believe, but my girlfriend discovered a DoS vulnerability in Gaim.”

Why would that be hard to believe? This implies you believe women are unlikely to find DoS vulnerabilities. This makes you a chauvinistic pig.

Comment by martoq
2007-02-23 06:13:24

Don’t be a tool.

You immediately assume the worst, when for all you know, his girlfriend is completely computer illiterate so he was surprised that she of all people found this. If we could all be as perfect as you on our high horses, the world would be a better place I would imagine…sarcasm.

 
Comment by Bill
2007-02-23 09:27:00

I have to agree with martoq there Brian. This is his personal blog - so he is probably posting this for people he knows to read and, since he knows them, they probably know his girlfriend.

Even if he isn’t writing to them, he is writing from his perspective - one where he knows his girlfriend isn’t high on the list of potential vulnerability discoverers. My wife isn’t either - does that make me a chauvinistic pig for admitting it?

 
Comment by Jason
2007-02-23 13:14:27

“Why would that be hard to believe? This implies you believe women are unlikely to find DoS vulnerabilities. This makes you a chauvinistic pig.”

An observation regarding a specific individual hardly implies how one regards the entire gender.

 
 
Comment by Matthew Brady
2007-02-23 02:20:10

Cool Story Hansel!

 
Comment by N
2007-02-23 06:55:20

Any self-respecting geek would have graphical smileys turned off. There are just too many cases where you copy/paste code and it converts it to smileys. :) :) :)

 
Comment by Steven Gray
2007-02-23 08:02:25

Yeah the same happened to me a few weeks back … see the post on my blog at:

http://frogo.co.uk/archives/2007/the-king-of-the-emoticons-strikes-again/

Funny funny stuff :)

 
Comment by Jon
2007-02-23 09:07:55

If you haven’t already, please please please submit this as a bug report. Bugs don’t get fixed if they are not reported, and this is one that really needs to be fixed.

http://sourceforge.net/tracker/?func=add&group_id=235&atid=100235

 
Comment by M
2007-02-23 09:16:26

Sorry, DoS, “attack vector” etc., etc., seems to be a bit overkill for what is nothing more than a bug, i.e. a boundary condition.

Having done software development for a living I can speak all too well about boundary conditions and code that consumes too much CPU once you cross some threshold.

So yeah I’m going to go attack GAIM users right now… let’s see, who can I attack? Um, yeah, nobody, since A) No one I IM with uses GAIM B) I can’t discriminate between GAIM and non-GAIM users C) I’m not talking to random people on the Internet via IM.

This is a lot of hot air.

-M

Comment by gutistg
2007-02-23 21:50:59

I think he might have been using intentional hyperbolic statements to a comical effect… lol.

 
 
Comment by towsonu2003
2007-02-23 09:24:54

Not only are you stupidly sexist, you don’t really know how to publicize security vulnerabilities to the public. Please provide the link to the bug report as proof that you *really* notified the devels, and to make it easy for us to follow the process. Oh, also, tell your girlfriend to read this story and dump you… thanks.

 
Comment by Ed
2007-02-23 10:09:42

There’s one better than this: you don’t even have to send emoticons. By using Kopete and communicating with a user on Windows Messenger, you can crash them by sending a large packet.

Something as simple as:
/exec -o xxd /usr/bin/vi

The best bit is, nobody knows it was you. To kill the flood, just ps killall xxd (or kill the pid).

I’ve not managed to isolate what’s causing it as of yet, but I believe it might be something to do with the message block buffer.

 
Comment by ray
2007-02-23 10:23:07

Does not affect me much.
Windows XP w/ 768MB RAM running Gaim 2.0 beta 5

 
Comment by Han
2007-02-23 11:02:50

“She is not a computer geek (One in a relationship is certainly enough).”

What’s wrong with two geeks in a relationship!? It’s useful when you’ve got someone to debug things for you!

 
Comment by thesamet
2007-02-23 11:11:04

I’ve updated the post with some more clarifications.

 
2007-02-23 11:13:21

[...] :( because of the image causes Linux to stop responding. The original link to the discovery is here. This article was published on Friday, February 23rd, 2007 at 10:13 am and is filed under category [...]

 
Comment by AnotherBUGYourGirlfriendHasNotFoundYet
2007-02-23 11:23:56

Also try dragging a big JPEG into a chat window; Gaim will ask you if you want to set it as the buddy icon. If you mistakenly answer yes… BOOM, your PC is down for the count.
You will need to go into your Gaim profile folder and delete the largest JPEG you find to bring things back to normal.

 
Comment by Benjamin
2007-02-23 11:28:58

Wow, towsonu2003 you really need to let up on this guy a little bit. He posted a mildly amusing bug that his (I’m assuming) not-so-tech-savvy girlfriend discovered while IM’ing with him.

My girlfriend would be stoked if I blogged about her discovering something on the computer that I didn’t, and even happier if it got dugg. Somehow I doubt he’s hiding his blog from her, and I’m sure she knows what he said.

Also, when did he say he was going to report the bug? You came very close to calling him a liar, because you didn’t seem to pay much attention or actually read the post.

Try to act a little more educated next time.

 
Comment by Somedude
2007-02-23 12:51:35

Yea, I’m using LINUX to run game and that ain’t happening.

 
Comment by Ben
2007-02-23 13:13:31

It IS a weird title for this story. People are used to reading headlines that relate to them, so by using the word girlfriend, it means she must have an important role in the story, which she does not. She didn’t even discover it.

 
Comment by Adger Linux
2007-02-23 13:42:06

As they say, it is the little things that can be a person’s or a product’s undoing.
More than a few individuals’ shadows or product vulnerabilities have been discovered by girlfriends just “poking around”.

 
Comment by BYE
2007-02-23 14:10:52

Doesn’t seem to affect Adium which uses GAIM libraries…

 
Comment by towsonu2003
2007-02-23 16:16:43

> “The first paragraph of this post was written by her. She said it will help it to “do well on digg”.”

it doesn’t matter who wrote the crap. The crap is crap and *you* are responsible as its publisher. If your girlfriend wrote the crap, tell her to take a few women’s studies classes (to learn about internalized oppression), dump you (bc you agreed to publish crap about her), and get her own blog (to get a voice of her own).

What’s done is done. Hopefully, next time you’ll be careful about what your fingers tell you to write.

> also, as reply to “when did he say he was going to report the bug?”

it is kind to report vulnerabilities to devels before making them public. The blog owner apparently knows this and says “This episode of Thesamet.com was recorded 10 days ago, when Gaim developers were notified of this.” But he still needs to give us a *source*, which, in this case, should be a link to the bug report, so we can *follow up* on what’s going on…

Comment by thesamet
2007-02-23 17:10:45

towsonu2003, I am sorry that you have found this post sexist. As I didn’t say (or mean to imply) anything about women in general, but only about my girlfriend, I don’t think there is room for this interpretation.

Perhaps the combination of the headline I chose with the huge public attention the post generated can suggest that many people see it as curious that a woman discovers anything security related. But that’s society.

I never claimed that I filed a bug report. The moment I found out about this, I immediately notified one of the developers by e-mail. I got a reply from him a few hours later.

 
 
Comment by Tyler
2007-02-23 16:21:38

Anyone who thought this post was “chauvinistic” is fucking retarded. No need for clarification, the story speaks for itself. Not to mention the fact that your girlfriend, herself, wrote the first paragraph. AM I THE ONLY ONE WHO GIVES A DAMN ABOUT THE RULES?!

 
Comment by andy
2007-02-24 09:56:32

obviously you’re not a golfer

 
 
Comment by Adam Fortuna
2007-02-23 18:06:35

Nice. :) I remember there used to be a similar hole in AIM where you could send someone a file with a specific name and it would crash that user’s AIM before they even had an idea that they were receiving something. You could do it to anyone on your list and no one would know.

 
Comment by Jim Davis
2007-02-25 04:25:59

That’s weird, you have got me curious now; I am definitely going to try it.

 
2007-02-26 12:44:48

[...] Girlfriend Discovers a DoS Vulnerability in Gaim [...]

 
Comment by Abel Cheung
2007-03-04 11:47:56

Not entirely equivalent, but I’ve experienced a similar issue with a Gaim plugin as well: gaim-festival, which turns IM text into speech and speaks it out. My colleagues make fun out of it and send me messages like “hihihihihihihihihihihihihihihihihi…”. At first it’s really funny to see the sound deteriorate with the sheer length of the message, but that managed to crash my Gaim once later. I never turned it on again.

 