Bugtraq mailing list archives
WARNING: Another ICQ IP address vulnerability
From: mnemonix () GLOBALNET CO UK (Mnemonix)
Date: Wed, 11 Nov 1998 18:16:40 -0000
There is a problem in Mirabilis' ICQ (ICQ 98beta) on Windows NT 4.0 where internal IP address information is given out in the TCP payload, thus giving other ICQ users possibly sensitive information.

Here is an example: HOST A is running Windows NT 4.0. It has an Ethernet NIC with IP address 10.20.20.60 and also has a modem. The user at HOST A dials his ISP and a dynamic IP address is assigned to the modem: 195.195.195.195. The user at HOST A strikes up an ICQ conversation with the user at HOST B running Windows 98. HOST B has a NIC with an IP address of 10.50.50.90 and a modem that has the IP address 198.198.198.198. A TCP virtual circuit has been set up between 195.195.195.195 and 198.198.198.198 over which the conversation takes place.

An ICQ created packet will put the IP address of the sending machine at the end of the TCP data - twice. In Windows 98 this is that of the IP address of the modem (198198198198198198198198). In Windows NT however, the TCP data will contain the IP address assigned to the modem followed by the IP address of the Network Interface Card.

What's more, if the NT box has a direct connection to the Internet via a firewall performing Network Address Translation, instead of via a dialup, this problem still occurs and it is possible using a network sniffer to get the IP address and therefore a good indication of the network addressing scheme used on the internal side.

L8r,
David Litchfield
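An added example, not part of the original post: an egress-monitoring check that flags the leak described above by comparing the two trailing address fields of a captured TCP payload with the source address seen on the wire. The field encoding (raw 4-byte IPv4 values in network byte order), the function names and the payload bodies are assumptions; the post only says the addresses sit at the end of the TCP data.

```python
import ipaddress

# RFC 1918 ranges: an address from these inside Internet-bound data
# reveals the internal addressing scheme.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def trailing_addresses(payload: bytes, count: int = 2):
    """Decode the last `count` 4-byte fields of the payload as IPv4 addresses.

    Assumption: each field is a raw IPv4 address in network byte order.
    Returns an empty list when the payload is too short to hold them.
    """
    if len(payload) < 4 * count:
        return []
    tail = payload[-4 * count:]
    return [ipaddress.IPv4Address(tail[i:i + 4]) for i in range(0, len(tail), 4)]


def leaked_internal_addresses(payload: bytes, wire_src: str):
    """Return trailing addresses that are private and differ from the
    source address observed on the wire (the modem or NAT address)."""
    src = ipaddress.IPv4Address(wire_src)
    return [str(addr) for addr in trailing_addresses(payload)
            if addr != src and any(addr in net for net in RFC1918)]


def pack(*addrs: str) -> bytes:
    """Build a constructed trailer from dotted-quad strings."""
    return b"".join(ipaddress.IPv4Address(a).packed for a in addrs)


# Constructed sample payloads; the message body is a placeholder.
BODY = b"<message body placeholder>"
# HOST B (Windows 98): modem address twice, nothing internal exposed.
WIN98_PAYLOAD = BODY + pack("198.198.198.198", "198.198.198.198")
# HOST A (Windows NT 4.0): modem address followed by the NIC address.
NT_PAYLOAD = BODY + pack("195.195.195.195", "10.20.20.60")

if __name__ == "__main__":
    print("Windows 98:", leaked_internal_addresses(WIN98_PAYLOAD, "198.198.198.198"))
    print("Windows NT:", leaked_internal_addresses(NT_PAYLOAD, "195.195.195.195"))
```
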