Re: ICQ remote buffer overflow vulnerability

From: 'ken'@FTU
Date: Tue Jan 08 2002 - 14:06:24 PST

Next message: Tim Yardley: "RE: w00w00 on AIM Filter (Backdoors & SpyWare)"

Previous message: Bjorn Djupvik: "svindel.net security advisory - web admin vulnerability in CacheOS"
In reply to: elijah wright: "Re: ICQ remote buffer overflow vulnerability"
Next in thread: Nick FitzGerald: "Re: ICQ remote buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

elijah wright wrote:

>>This is very similar to the AIM overflow recently discovered.
>>ICQ protocol uses the same TLV (2711) packet and there is a similar
>>weakness in the parsing of the packet.
>>
> 
> duh, that's because its essentially the same protocol.  :)

I disagree: there is an important distinction between the protocol (the 
rules) and the parsing of the data (the implementation).

> ICQ clients should probably be viewed with the same suspicion as the
> vulnerable AIM clients.

This assumes that the coders who developed ICQ made the same errors as 
the codes who developed AIM.

I happen to agree, but not because they use the same protocol. I agree 
because many programmers do not know how to code (and parse) safely...

'ken'

Next message: Tim Yardley: "RE: w00w00 on AIM Filter (Backdoors & SpyWare)"
Previous message: Bjorn Djupvik: "svindel.net security advisory - web admin vulnerability in CacheOS"
In reply to: elijah wright: "Re: ICQ remote buffer overflow vulnerability"
Next in thread: Nick FitzGerald: "Re: ICQ remote buffer overflow vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jan 08 2002 - 14:55:05 PST