Vulnerability Development mailing list archives
Re: AIM 3.0
From: ras () SLARTIBARTFAST MAGRATHEA COM (Robert A. Seace)
Date: Sat, 30 Oct 1999 19:44:47 -0400
In the profound words of 'Blue Boar':
[snip...]
> As for overflows... there was the twisted rumor situation about AIM overflows, apparently spread by an MS employee?? Anyone ever get verification on that one?
Well, it sure seems like more than just rumor... I've seen a couple pages where people examine the situation in detail, and come to the obvious conclusion that it's for real... One good page is "http://www.ozemail.com.au/~geoffch/security/aim/"... He does a comprehensive analysis, and shows that the overflow does seem to exist, and that the packet that others captured coming from AOL does indeed seem to use that overflow to execute arbitrary code within the packet... Another related page is "http://www.robertgraham.com/pubs/aol-exploit/" (especially "message.c", there; which was a BugTraq posting at one point)...

Now, I haven't actually done my own analysis, so I can't say for certain it's really for real, but I think it sure LOOKS that way, at least... *shrug* However, I suspect that AOL has already long ago stopped exploiting the hole itself, if it ever really did... But, it sounds like the hole is still THERE, regardless...

--
||========================================================================||
|| Robert A. Seace || URL || ras () magrathea com ||
|| AKA: Agrajag || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"So this is it, we are going to die." "Yes, except...no! Wait a minute!
What's this switch?" "What? Where?" "No, I was only fooling, we are going
to die after all." - THGTTG