Re: ICQ remote buffer overflow vulnerability

From: elijah wright (elwat_private)
Date: Mon Jan 07 2002 - 13:33:44 PST

Next message: Nick FitzGerald: "Re: ICQ remote buffer overflow vulnerability"

Previous message: Nu Omega Tau: "Re: Aftpd core dump vulnerability"
In reply to: Daniel Tan: "ICQ remote buffer overflow vulnerability"
Next in thread: Daniel Tan: "Re: ICQ remote buffer overflow vulnerability"
Reply: Daniel Tan: "Re: ICQ remote buffer overflow vulnerability"
Reply: 'ken'@FTU: "Re: ICQ remote buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This is very similar to the AIM overflow recently discovered.
> ICQ protocol uses the same TLV (2711) packet and there is a similar
> weakness in the parsing of the packet.

duh, that's because its essentially the same protocol.  :)

ICQ clients should probably be viewed with the same suspicion as the
vulnerable AIM clients.

elijah

Next message: Nick FitzGerald: "Re: ICQ remote buffer overflow vulnerability"
Previous message: Nu Omega Tau: "Re: Aftpd core dump vulnerability"
In reply to: Daniel Tan: "ICQ remote buffer overflow vulnerability"
Next in thread: Daniel Tan: "Re: ICQ remote buffer overflow vulnerability"
Reply: Daniel Tan: "Re: ICQ remote buffer overflow vulnerability"
Reply: 'ken'@FTU: "Re: ICQ remote buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 14:05:46 PST