Bugtraq mailing list archives
Re: Advisory: Licq DoS +exploit
From: Graham Roff <graham () LICQ ORG>
Date: Mon, 26 Feb 2001 17:06:12 -0500
sent to a port it is listening on. Further testing showed that sending a certain amount of data to the port the Remote Management Service (RMS) plugin listens on it too would cause Licq to crash or lock up. The amount of data needed to be sent to crash Licq may vary from system to system. On the Red Hat linux 7.0 system I used 16707 or more bytes sent to the port Licq was listening on was enough to crash it. Sending around 12000 or more characters to the RMS plugin port was enough to crash Licq
The actual problem is due to line parsing code which uses a fixed length (dynamically allocated) buffer of 1024 bytes. Any string of characters longer then 1024 without a newline will crash the server. This has been fixed in the latest CVS tree which will be released along with Licq 1.0.3 very soon. _____________________________________________________________________ Graham Roff groff () engmail uwaterloo ca University of Waterloo ICQ #2127503 Computer Engineering Canada Nolites tes bastardes carborundorum
Current thread:
- Advisory: Licq DoS +exploit Stanley G. Bubrouski (Feb 20)
- Re: Advisory: Licq DoS +exploit Graham Roff (Feb 27)
- <Possible follow-ups>
- Re: Advisory: Licq DoS +exploit Stanley G. Bubrouski (Feb 28)