Full Disclosure mailing list archives
Re: Advisory 02/2004: Trillian remote overflows-> maybe this is off-topic, but...
From: <andrewg () d2 net au>
Date: Wed, 25 Feb 2004 15:48:57 +1100 (EST)
Hi,

On the subject of Trillian... Well, for what it's worth, there is a format string in the parsing of KILL messages by Trillian (requiring you to have oper or RW access to a client's connection). Attached is an exploit... not complete, something I was working on and lost interest in. (http://felinemenace.org/~andrewg/split_search.py might be useful for other IRC client exploits for large shellcodes.)

There seems to be a race involved. The shellcode basically moves around and gets mangled lots by the display thread or something. I was thinking that straight ASCII shellcode would be the way to go, or a modification of split_search so it didn't use various stuff like - or < etc. There is most likely an easier way of exploiting this bug, but *shrug*.

Enjoy,
Andrew Griffiths
"What is Trillian? Trillian is a skinnable, interoperable instant messaging client. Grab the best IM client available on the Internet today! Trillian .74 is completely free, with no spyware and no ads. Over 10 million downloads can't be wrong!"

"Completely free". Aha. Where is the source code and a suitable license to modify and share modifications?

"No spyware". Aha. How can we know without the source? Well, I guess we have to take their word.

No, you're free to reverse engineer Trillian (they might sue you, though). Everything is "open source" if you know assembler.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Attachment:
trillian-kill-fmtstr.py