RE: AIM 0day DoS

From: BlueJAMC (bluejamcat_private)
Date: Wed Oct 03 2001 - 09:47:47 PDT

    This is hardly 0-day, and I think that the authors of this advisory know
    it.  I'm sure that AOL has also been made aware of it many times over.
    There are also numerous other buffer overflows, including sending files
    with overly long filenames, sending invalid font tags, buddy icons which
    are malformed, etc, etc.  There has been a program out for months, in
    fact, which allows a person to use their normal AIM client to kick
    people off.  This program has been around for months, and has been open
    source for months.  I will not name that program here because there are
    no doubt numerous kiddies who would love to be able to punt, but it is
    out there.  (Hello, Robbie.)
    
    A few more details on the exploit which Angrypacket supposedly
    discovered:
    
    It affects all of AOL's versions of AIM for Win32.  It also affects all
    versions of Netscape's AIM, with the exception of the AIM program
    included with Netscape 6.1.  It affects gAIM, but only when the user is
    connected to gAIM via the Oscar protocol.  It does not appear to affect
    Mac clients, or AOL's Java client.  It does not appear to affect any
    clients which connect via the TOC protocol, namely TiK, miniTiK, tnt,
    jaim, jam, etc,
    due to limitations in the size of the commands you can send to the
    server through TOC.  When a person using TOC has a punt attempt against
    them, it simply says, "The previous message was too long and could not
    be displayed."  I am not sure about applications like Jabber, Trillian,
    Odigo, etc, as I have not looked into what protocol they use to connect
    to AIM, nor have I tested those clients.
    
    I hope this helps clear up any questions which could easily have been
    created by the vagueness of this advisory.
    
    BlueJAMC
    DKG/CTC
    
    -----Original Message-----
    From: Tony Lambiris [mailto:methodicat_private] 
    Sent: Tuesday, October 02, 2001 5:54 PM
    To: bugtraqat_private
    Subject: AIM 0day DoS
    
    We just finished writing a proof-of-concept DoS exploit for the <!-- bug
    recently found in AIM (at least for Windows..).
    
    It can be found at:
    http://sec.angrypacket.com
    
    Under the 'code' section.
    
    -- 
    Tony Lambiris [methodicat_private]
       http://www.openbsd.org && http://www.openssh.com
           "Anyone who truly understands the power 
             of UNIX wouldn't use anything else."
    



    This archive was generated by hypermail 2b30 : Wed Oct 03 2001 - 13:24:22 PDT