Bugtraq mailing list archives
Re: ICQ remote buffer overflow vulnerability
From: Daniel Tan <datan () seas upenn edu>
Date: Mon, 07 Jan 2002 18:41:11 -0500
my apologies... After making the discovery that the overflow occurs even with DC with the remote client, I have to deduce that parsing of the TLV packet is NOT at fault in this case. Reason: TLV packets are those that go through the servers. But DC connections do not use them. I believe it is in the creation of the message event that the buffer overflow occurs. An important difference with the AIM overflow is that the user has to doubleclick on the contact to receive the event for the overflow to occur. But I believe this is still a risk since most people would double click on their events anyway. elijah wright wrote:
This is very similar to the AIM overflow recently discovered. ICQ protocol uses the same TLV (2711) packet and there is a similar weakness in the parsing of the packet.duh, that's because its essentially the same protocol. :) ICQ clients should probably be viewed with the same suspicion as the vulnerable AIM clients. elijah
Current thread:
- ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability elijah wright (Jan 08)
- Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 08)
- Re: ICQ remote buffer overflow vulnerability 'ken'@FTU (Jan 08)
- Re: ICQ remote buffer overflow vulnerability Nick FitzGerald (Jan 08)