Full Disclosure mailing list archives
Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but...
From: Scott Taylor <security () 303underground com>
Date: Tue, 24 Feb 2004 17:52:20 -0700
From gaim's own news... so of course there will be some similarities in
parts of their yahoo code.

    September 28th, 2003 - 9:53PM EDT
    0.70
    Our friends over at Cerulean Studios managed to break my speed record at cracking Yahoo authentication schemes with an impressive feat of hackery. They sent it over and here it is in Gaim 0.70. However, certain details of the authentication scheme depend on the challenge string the server sends us, and there's really no way to tell what it does until Yahoo starts sending new challenge strings. So you can expect a few more breakages to come soon. I wouldn't sign offline if I were you. Peep the ChangeLog.

On Tue, 2004-02-24 at 14:23, Tobias Weisserth wrote:
> > [02 - Yahoo Packet Parser Overflow]
> >
> > A Yahoo Messenger packet consists of a header and a list of keys with their associated values. When reading an oversized keyname a standard stack overflow can be triggered.
> >
> > The code below is part of Trillian since version 0.71 which was released on the 18th December 2001. It was manually decompiled. The variable names were taken from the GAIM source code. If you compare the decompiled code with the code in yahoo.c (revision 1.12 from 15th Nov 2001) you will realise that it is more or less identical. It is up to the reader to find an explanation how this GPL licensed code snippet ended up in Trillian.
>
> AHA! Got you. This must be pretty embarrassing for Trillian. Is someone from the GAIM team reading this list?
-- 
Scott Taylor - <security () 303underground com>
Laetrile is the pits.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
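The advisory quoted in this thread describes a key/value list parser that copies a key name into a fixed-size stack buffer without checking its length. The C below is an added illustration of the bounded form of that parse; it is not Trillian's or gaim's code and does not reproduce the decompiled snippet. It assumes a constructed, simplified wire format (every key and value is an ASCII string terminated by the two bytes 0xC0 0x80), and the names parse_pairs, copy_field, MAX_KEY and the sample builders are hypothetical.

```c
/* Added example, not code from the advisory, Trillian or gaim.
 * Assumed simplified layout (constructed stand-in for the real packet
 * body): after the header, each key and each value is an ASCII string
 * terminated by the separator bytes 0xC0 0x80. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define MAX_KEY   32      /* fixed-size key buffer, as in the advisory's scenario */
#define MAX_VAL   256
#define MAX_PAIRS 16

typedef struct {
    char key[MAX_KEY];
    char val[MAX_VAL];
} kv_t;

/* Locate the two-byte separator inside [p, end). NULL if absent. */
static const unsigned char *find_sep(const unsigned char *p,
                                     const unsigned char *end)
{
    for (; p + 1 < end; p++)
        if (p[0] == 0xC0 && p[1] == 0x80)
            return p;
    return NULL;
}

/* Copy the field [p, sep) into dst, which holds cap bytes.
 * Returns 0 on success, -1 if the field (plus NUL) would not fit.
 * This length check is the missing piece in an unchecked copy: without
 * it, a key longer than MAX_KEY overruns the caller's stack buffer. */
static int copy_field(char *dst, size_t cap,
                      const unsigned char *p, const unsigned char *sep)
{
    size_t n = (size_t)(sep - p);
    if (n >= cap)
        return -1;
    memcpy(dst, p, n);
    dst[n] = '\0';
    return 0;
}

/* Parse the key/value list in payload[0..len).
 * Returns the number of pairs parsed, or -1 if any field is oversized,
 * unterminated, or there are more pairs than out can hold. */
int parse_pairs(const unsigned char *payload, size_t len,
                kv_t *out, size_t max_pairs)
{
    const unsigned char *p = payload, *end = payload + len;
    size_t count = 0;

    while (p < end) {
        const unsigned char *sep = find_sep(p, end);
        if (!sep || count >= max_pairs)
            return -1;                               /* unterminated key or too many pairs */
        if (copy_field(out[count].key, MAX_KEY, p, sep) < 0)
            return -1;                               /* oversized key: reject, do not copy */
        p = sep + 2;

        sep = find_sep(p, end);
        if (!sep)
            return -1;                               /* unterminated value */
        if (copy_field(out[count].val, MAX_VAL, p, sep) < 0)
            return -1;                               /* oversized value */
        p = sep + 2;
        count++;
    }
    return (int)count;
}

/* Constructed sample: one well-formed pair ("1" -> "alice"). Returns 1. */
int parse_sample_ok(void)
{
    static const unsigned char pkt[] = "1" "\xC0\x80" "alice" "\xC0\x80";
    kv_t kv[MAX_PAIRS];
    return parse_pairs(pkt, sizeof(pkt) - 1, kv, MAX_PAIRS);
}

/* Constructed sample: a 64-byte key name, larger than MAX_KEY. The bounded
 * parser returns -1 instead of writing past the key buffer. */
int parse_sample_oversized(void)
{
    unsigned char pkt[64 + 2 + 1 + 2];
    kv_t kv[MAX_PAIRS];
    memset(pkt, 'A', 64);
    pkt[64] = 0xC0; pkt[65] = 0x80;    /* key terminator */
    pkt[66] = 'x';                     /* one-byte value */
    pkt[67] = 0xC0; pkt[68] = 0x80;    /* value terminator */
    return parse_pairs(pkt, sizeof pkt, kv, MAX_PAIRS);
}

int main(void)
{
    printf("well-formed packet: %d pair(s)\n", parse_sample_ok());
    printf("oversized key: %d (rejected)\n", parse_sample_oversized());
    return 0;
}
```

The point of the example is the single comparison in copy_field: the key length is derived from the separator position and checked against the destination capacity before any bytes are written, so the oversized-key case the advisory describes becomes a parse error rather than a write past the end of a stack buffer.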
Current thread:
- Advisory 02/2004: Trillian remote overflows Stefan Esser (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Tobias Weisserth (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Scott Taylor (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Jeff_Lopes (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Luke Schierer (Feb 24)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Tobias Weisserth (Feb 25)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Stefan Esser (Feb 25)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Nathan Walp (Feb 25)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Stefan Esser (Feb 25)
- RE: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Aditya, ALD [Aditya Lalit Deshmukh] (Feb 27)
- Re: Advisory 02/2004: Trillian remote overflows -> maybe this is off-topic, but... Tobias Weisserth (Feb 24)