run ethereal or something and get a proper packet log, that way if iris is missing any certain char @ least ethereal would grab it, and we could actally tell you whats going on. ----- Original Message ----- From: leon <leonat_private> To: <vuln-devat_private> Sent: Sunday, September 30, 2001 12:08 PM Subject: FW: AOL IM 4.7 d0s 0-Day > Forget it blue boar those are the wrong packets. Maybe just post it > without the packets. > > > -----Original Message----- > From: leon [mailto:leonat_private] > Sent: Saturday, September 29, 2001 7:34 PM > To: 'vuln-devat_private' > Subject: FW: AOL IM 4.7 d0s 0-Day > > > > -----Original Message----- > From: leon [mailto:leonat_private] > Sent: Saturday, September 29, 2001 7:32 PM > To: 'vuln-devat_private' > Subject: AOL IM 4.7 d0s 0-Day > > Hi everyone, > > There is currently a 0-Day exploit for aol im that allows anyone to boot > you just by sending an im, It is similar to the old ̂ bootstring. > I have managed to get a debug of it along with a capture of the packets. > Can anyone help me figure out how to defend against this or in the very > least explain what is going on (since I don't have coding skillz). I > managed to capture the packets with iris 2.0 and they are now .cap > files. Can anyone help me A) recreate the exploit & B) tell me how to > defend against it? > > Cheers, > > Leon > > Please mail me offline for the debug > >
This archive was generated by hypermail 2b30 : Sun Sep 30 2001 - 12:45:24 PDT