[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ICQ remote buffer overflow vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: ICQ remote buffer overflow vulnerability
From: Daniel Tan <datan@xxxxxxxxxxxxxx>
Date: Sun, 06 Jan 2002 14:59:39 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

This is very similar to the AIM overflow recently discovered.

ICQ protocol uses the same TLV (2711) packet and there is a similar 
weakness in the parsing of the packet.


The details of this vulnerability will not be released until a 
further time (when a patch has been implemented, probably). ICQ2000 
clients are vulnerable. ICQ2001 clients do not appear to be 
vulnerable under default setup conditions.

Execution of arbitary code is possible since EAX/EBX point to within
the payload. 

Until AOL announces a patch/workaround, it is highly recommended to 
restrict receiving of events (other than normal messages) to contacts you 
know.


-------------
Daniel Tan
Class of 2004
Jerome Fisher Management & Technology Program
University of Pennsylvania, USA
datan@xxxxxxxxxxxxxx
datan@xxxxxxxxxxxxxxxxx
-------------

Follow-Ups:
- Re: ICQ remote buffer overflow vulnerability
  - From: Daniel Tan
- Re: ICQ remote buffer overflow vulnerability
  - From: elijah wright
- Re: ICQ remote buffer overflow vulnerability
  - From: Nick FitzGerald

Prev by Date: Faqmanager.cgi file read vulnerability
Next by Date: Re: Denial of Service flaw in Apache
Previous by thread: Faqmanager.cgi file read vulnerability
Next by thread: Re: ICQ remote buffer overflow vulnerability
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilotco.