FW: AOL IM 4.7 d0s 0-Day

• Previous message: leon: "FW: AOL IM 4.7 d0s 0-Day"
• Next in thread: VeNoMouS: "Re: AOL IM 4.7 d0s 0-Day"
• Reply: VeNoMouS: "Re: AOL IM 4.7 d0s 0-Day"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forget it blue boar those are the wrong packets.  Maybe just post it
without the packets.


-----Original Message-----
From: leon [mailto:leonat_private] 
Sent: Saturday, September 29, 2001 7:34 PM
To: 'vuln-devat_private'
Subject: FW: AOL IM 4.7 d0s 0-Day



-----Original Message-----
From: leon [mailto:leonat_private] 
Sent: Saturday, September 29, 2001 7:32 PM
To: 'vuln-devat_private'
Subject: AOL IM 4.7 d0s 0-Day

Hi everyone,

There is currently a 0-Day exploit for aol im that allows anyone to boot
you just by sending an im, It is similar to the old ̂ bootstring.
I have managed to get a debug of it along with a capture of the packets.
Can anyone help me figure out how to defend against this or in the very
least explain what is going on (since I don't have coding skillz).  I
managed to capture the packets with iris 2.0 and they are now .cap
files.  Can anyone help me A) recreate the exploit & B) tell me how to
defend against it?

Cheers,

Leon

Please mail me offline for the debug

• application/octet-stream attachment: 1st_packet.cap

• application/octet-stream attachment: 2nd_packet.cap

• Next message: Steve Grubb: "Re: Bug in Apache 1.3.20 Server - Hackemate Research"
• Previous message: leon: "FW: AOL IM 4.7 d0s 0-Day"
• Next in thread: VeNoMouS: "Re: AOL IM 4.7 d0s 0-Day"
• Reply: VeNoMouS: "Re: AOL IM 4.7 d0s 0-Day"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Sep 29 2001 - 17:55:22 PDT