Vulnerability Development mailing list archives
Re: AOL IM 4.7 d0s 0-Day
From: "VeNoMouS" <venom () phreaker net>
Date: Sun, 30 Sep 2001 17:27:47 +1200
run ethereal or something and get a proper packet log, that way if iris is missing any certain char @ least ethereal would grab it, and we could actally tell you whats going on. ----- Original Message ----- From: leon <leon () inyc com> To: <vuln-dev () securityfocus com> Sent: Sunday, September 30, 2001 12:08 PM Subject: FW: AOL IM 4.7 d0s 0-Day
Forget it blue boar those are the wrong packets. Maybe just post it without the packets. -----Original Message----- From: leon [mailto:leon () inyc com] Sent: Saturday, September 29, 2001 7:34 PM To: 'vuln-dev () securityfocus com' Subject: FW: AOL IM 4.7 d0s 0-Day -----Original Message----- From: leon [mailto:leon () inyc com] Sent: Saturday, September 29, 2001 7:32 PM To: 'vuln-dev () securityfocus com' Subject: AOL IM 4.7 d0s 0-Day Hi everyone, There is currently a 0-Day exploit for aol im that allows anyone to boot you just by sending an im, It is similar to the old ̂ bootstring. I have managed to get a debug of it along with a capture of the packets. Can anyone help me figure out how to defend against this or in the very least explain what is going on (since I don't have coding skillz). I managed to capture the packets with iris 2.0 and they are now .cap files. Can anyone help me A) recreate the exploit & B) tell me how to defend against it? Cheers, Leon Please mail me offline for the debug
Current thread:
- FW: AOL IM 4.7 d0s 0-Day leon (Sep 29)
- <Possible follow-ups>
- FW: AOL IM 4.7 d0s 0-Day leon (Sep 29)
- Re: AOL IM 4.7 d0s 0-Day VeNoMouS (Sep 30)
- Re: AOL IM 4.7 d0s 0-Day austin (Sep 30)
- Re: AOL IM 4.7 d0s 0-Day VeNoMouS (Sep 30)
- Re: AOL IM 4.7 d0s 0-Day dev-null (Sep 30)