Bugtraq mailing list archives

Re: ICQ Buffer Overflow Exploit

From: doggystyle () SHAKUR NET (Nick Summy)
Date: Wed, 19 Jan 2000 13:21:38 -0600


Not difficult at all,  if anyone has ever though about it,  here
http://www.student.nada.kth.se/~d95-mih/icq/   is a webpage that  explains a
lot about the ICQ protocol,  it also explains a little about AOL's

- Nick

Bryce Walter wrote:

Yes, but how tough would it be to write your own client to send msgs on the
icq network.  MS did it w/ AOL's instant messenger.  :)

I have been playing with this bug a little, and it seems that ICQ only
picks
up oversize messages when they are keyed in, and not when they are pasted.
maybe it wouldn't be so bad if this was fixed so that at least the client
couldn't be used to execute this attack. :-/


______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com

Current thread:

Re: ICQ Buffer Overflow Exploit Thomas Maschutznig (Jan 15)
- <Possible follow-ups>
- Re: ICQ Buffer Overflow Exploit x-x-x-x-x-x-x-x-x (Jan 18)
- Re: ICQ Buffer Overflow Exploit Bryce Walter (Jan 18)
  - Re: ICQ Buffer Overflow Exploit Jeremy Johnson (Jan 19)
  - Re: ICQ Buffer Overflow Exploit Nick Summy (Jan 19)
  - Re: ICQ Buffer Overflow Exploit Dylan Griffiths (Jan 19)
  - explanation and code for stream.c issues Tim Yardley (Jan 21)
    - Re: explanation and code for stream.c issues Tim Yardley (Jan 21)
    - Re: explanation and code for stream.c issues Tim Yardley (Jan 21)
    - Re: explanation and code for stream.c issues Erik Fichtner (Jan 21)
    - Re: explanation and code for stream.c issues Brett Glass (Jan 21)
    - S/Key & OPIE Database Vulnerability harikiri (Jan 21)
    - Re: S/Key & OPIE Database Vulnerability David Maxwell (Jan 23)
    - S/Key & OPIE Database Vulnerability Steve VanDevender (Jan 23)
    - Re: S/Key & OPIE Database Vulnerability Evil Pete (Jan 24)

(Thread continues...)