[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ICQ remote buffer overflow vulnerability

To: Daniel Tan <datan@xxxxxxxxxxxxxx>
Subject: Re: ICQ remote buffer overflow vulnerability
From: elijah wright <elw@xxxxxxxxxx>
Date: Mon, 7 Jan 2002 16:33:44 -0500 (EST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <3C38ACAB.474676E2@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

> This is very similar to the AIM overflow recently discovered.
> ICQ protocol uses the same TLV (2711) packet and there is a similar
> weakness in the parsing of the packet.

duh, that's because its essentially the same protocol.  :)

ICQ clients should probably be viewed with the same suspicion as the
vulnerable AIM clients.

elijah

Follow-Ups:
- Re: ICQ remote buffer overflow vulnerability
  - From: Daniel Tan
- Re: ICQ remote buffer overflow vulnerability
  - From: 'ken'@FTU

References:
- ICQ remote buffer overflow vulnerability
  - From: Daniel Tan

Prev by Date: Re: Aftpd core dump vulnerability
Next by Date: Re: ICQ remote buffer overflow vulnerability
Previous by thread: Re: ICQ remote buffer overflow vulnerability
Next by thread: Re: ICQ remote buffer overflow vulnerability
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilotco.