Bugtraq mailing list archives

RE: AIM 0day DoS


From: "BlueJAMC" <bluejamc () netzero net>
Date: Wed, 3 Oct 2001 11:47:47 -0500

This is hardly 0-day, and I think that the authors of this advisory know
it.  I'm sure that AOL has also been made aware of it many times over.
There are also numerous other buffer overflows, including sending files
with overly long filenames, sending invalid font tags, buddy icons which
are malformed, etc, etc.  There has been a program out for months, in
fact, which allows a person to use their normal AIM client to kick
people off.  This program has been around for months, and has been open
source for months.  I will not name that program here because there are
no doubt numerous kiddies who would love to be able to punt, but it is
out there.  (Hello, Robbie.)

A few more details on the exploit which Angrypacket supposedly
discovered:

It affects all of AOL's versions of AIM for Win32.  It also affects all
versions of Netscape's AIM, with the exception of the AIM program
included with Netscape 6.1.  It affects gAIM, but only when the user is
connected to gAIM via the Oscar protocol.  It does not appear to affect
Mac clients, or AOL's Java client.  It does not appear to affect any clients which
connect via the TOC protocol, namely TiK, miniTiK, tnt, jaim, jam, etc,
due to limitations in the size of the commands you can send to the
server through TOC.  When a person using TOC has a punt attempt against
them, it simply says, "The previous message was too long and could not
be displayed."  I am not sure about applications like Jabber, Trillian,
Odigo, etc, as I have not looked into what protocol they use to connect
to AIM, nor have I tested those clients.

I hope this helps clear up any questions which could easily have been
created by the vagueness of this advisory.

BlueJAMC
DKG/CTC

-----Original Message-----
From: Tony Lambiris [mailto:methodic () slartibartfast angrypacket com] 
Sent: Tuesday, October 02, 2001 5:54 PM
To: bugtraq () securityfocus com
Subject: AIM 0day DoS

We just finished writing a proof-of-concept DoS exploit for the <!-- bug
recently found in AIM (at least for Windows..).

It can be found at:
http://sec.angrypacket.com

Under the 'code' section.

-- 
Tony Lambiris [methodic () slartibartfast angrypacket com]
   http://www.openbsd.org && http://www.openssh.com
       "Anyone who truly understands the power 
         of UNIX wouldn't use anything else."
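The thread above makes two defensive observations: TOC-connected clients survive the punt because the server caps command size and the client simply shows "The previous message was too long and could not be displayed", and the Windows client falls over on a dangling `<!--` in message text. The following is an added illustration of that kind of inbound guard, written for this page and not code from either poster, AOL, or any AIM client; the byte limit and the sample messages are constructed assumptions, not values from the advisory.

```python
# Added example: bound and sanitize inbound chat text before it reaches a renderer.
# MAX_MESSAGE_BYTES is an assumed value; the thread does not state the real TOC limit.
MAX_MESSAGE_BYTES = 1024
# Notice text taken verbatim from the thread's description of TOC client behaviour.
TOO_LONG_NOTICE = "The previous message was too long and could not be displayed."


def strip_html_comments(text: str) -> str:
    """Remove HTML comments from message text.

    A closed comment ('<!-- ... -->') is dropped. An opener with no closer would
    otherwise leave the renderer in comment state for the rest of the message,
    so the text is truncated at the dangling opener instead of being passed on.
    """
    out = []
    i = 0
    while i < len(text):
        if text.startswith("<!--", i):
            end = text.find("-->", i + 4)
            if end == -1:
                break  # dangling opener: discard it and everything after it
            i = end + 3
            continue
        out.append(text[i])
        i += 1
    return "".join(out)


def guard_incoming(raw: bytes) -> str:
    """Return the text a client should display for one inbound message.

    Oversized payloads are replaced by a fixed notice (the TOC behaviour the
    thread describes) rather than being handed to the display layer; anything
    within bounds is decoded leniently and has HTML comments stripped.
    """
    if len(raw) > MAX_MESSAGE_BYTES:
        return TOO_LONG_NOTICE
    text = raw.decode("utf-8", errors="replace")
    return strip_html_comments(text)


if __name__ == "__main__":
    # Constructed sample messages, not captured AIM traffic.
    samples = [
        b"hello there",
        b"hi <!-- hidden --> there",
        b"hi <!-- never closed",
        b"A" * 4096,
    ]
    for s in samples:
        print(repr(s[:24]), "->", repr(guard_incoming(s)))
```

The point of the guard is that the size check happens on the raw bytes before any decoding or markup handling, so a client never spends parsing effort (or memory) on a message it will refuse to show anyway.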

