BenjiBug: Exploiting Google Talk's Automatic Update for Denial of Service

BenjiBug: Exploiting Google Talk's Automatic Update for Denial of Service

CVE-2005-3899 · MEDIUM Severity

AV:N/AC:H/AU:N/C:N/I:N/A:C

The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target's DNS cache and causing a large update file to be sent, which consumes large amounts of CPU and memory during the signature verification, aka BenjiBug.

Learn more about our Web Application Penetration Testing UK.