Bugtraq mailing list archives
Re: ICQ remote buffer overflow vulnerability
From: Daniel Tan <datan () seas upenn edu>
Date: Sun, 06 Jan 2002 16:09:44 -0500
I've discovered that the same payload can be sent through Direct Connection with the receiver, even with the DC settings set to maximum (i.e. allow only users on my contact list, allow DC upon authorisation, do not allow older versions of clients to DC). If the sender is 'trusted' (i.e. on the user's contact list), the sender can establish a TCP connection with the user's listening port even if DC settings are on maximum (in which case the receiver's IP & port are not given to the sender, but one can find this out in other ways, e.g. email header + port scan).

Whereas having the payload sent through the server allows a possible remedy in having the server check for malformed packets, being able to send the packet directly to the client takes away that possibility.

Again, this works only for ICQ2000 clients.

-------------
Daniel Tan
Class of 2004
Jerome Fisher Management & Technology Program
University of Pennsylvania, USA
datan () seas upenn edu
datan () wharton upenn edu
-------------
Current thread:
- ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability elijah wright (Jan 08)
- Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 08)
- Re: ICQ remote buffer overflow vulnerability 'ken'@FTU (Jan 08)
- Re: ICQ remote buffer overflow vulnerability Nick FitzGerald (Jan 08)