RE: -Possible- licq D.o.S

From: Jon Keating (jonat_private)
Date: Fri Feb 08 2002 - 07:08:26 PST

Next message: Mandrake Linux Security Team: "MDKSA-2002:012 - groff update"

Previous message: Tamer Sahin: "Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability"
Maybe in reply to: ciscosuxat_private: "-Possible- licq D.o.S"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello.

This crash occurred when a static buffer of 1024 bytes overflowed.  This is 
fixed in the latest version of licq in the CVS and should be in the next CVS 
daily snapshot.  The CVS copy of licq uses the new v8 protocol (otherwise 
known as OSCAR) while the latest release does not.  If for some reason you do 
not want to use the CVS copy, use the attached patch, and when prompted for 
file to patch enter the full path to icqd-chat.cpp (i.e. 
/home/user/licq/src/icqd-chat.cpp)

It would be appreciated if the bug reporter would also contact licq-devel to 
let the developers of licq be aware of this problem and any future problems.

Jon

text/x-c++ attachment: licq.icqd-chat.patch

Next message: Mandrake Linux Security Team: "MDKSA-2002:012 - groff update"
Previous message: Tamer Sahin: "Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability"
Maybe in reply to: ciscosuxat_private: "-Possible- licq D.o.S"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Feb 08 2002 - 09:54:42 PST