ICQ remote buffer overflow vulnerability

From: Daniel Tan (datanat_private)
Date: Sun Jan 06 2002 - 11:59:39 PST


    This is very similar to the AIM overflow recently discovered.
    
    The ICQ protocol uses the same TLV (2711) packet and there is a similar 
    weakness in the parsing of the packet.
    
    
    The details of this vulnerability will not be released until a 
    further time (when a patch has been implemented, probably). ICQ2000 
    clients are vulnerable. ICQ2001 clients do not appear to be 
    vulnerable under default setup conditions.
    
    Execution of arbitrary code is possible since EAX/EBX point to within
    the payload. 
    
    Until AOL announces a patch/workaround, it is highly recommended to 
    restrict receiving of events (other than normal messages) to contacts you 
    know.
    
    
    -------------
    Daniel Tan
    Class of 2004
    Jerome Fisher Management & Technology Program
    University of Pennsylvania, USA
    datanat_private
    -------------
    


