Vulnerability Development mailing list archives
RE: AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow
From: "leon" <leon () inyc com>
Date: Sun, 10 Mar 2002 01:39:47 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Aim on MAC OS X does not appear to be vulnerable. It gives a message complaining about screenname length. I can confirm that indeed all version of aim 4.3 - 4.8 are vulnerable (on windows). Regards, Leon - -----Original Message----- From: John Adair [mailto:J.Adair () SempermedUSA com] Sent: Thursday, March 07, 2002 1:34 PM To: vuln-dev () securityfocus com Subject: RE: AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow eSafe Gateway(tm) has scanned this mail for viruses, vandals and suspicious attachments and has found it to be CLEAN. File: smime.p7s (2,256 bytes) Encoding: Base64 Result: Clean. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If anyone wants the dump file please e-mail me off list. I was able to overwrite the edi, but I am sure we can find more given enough research.vuln-dev () securityfocus com I'm at work so I can't look into this issue too much, but here is what I found in a couple of minutes. I was able to craft my link to overwrite a few registers on the stack. I attached the dump I got from my first test. I used a larger buffer than what the advisory stated, but not much larger. On a side note, I had to reboot to get AIM to startup again and when I tried starting it up again (before the reboot) my machine froze. On another machine it crashed the entire system when Dr Watson was generating the dump file. - - - - Opinions expressed do not necessarily represent the views of my employer. This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, please telephone, fax or e-mail to the sender without delay. Return this message or delete this message and any attachment from your system as per our request. If you are not the intended recipient you must not copy this message or attachments or disclose the contents to any other person. -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com> iQA/AwUBPIr/stqAgf0xoaEuEQJdPgCg46n3xI9/M7qoLo0ujVgp1W/1QyIAnRFp iNKhiDHrvQxUrK86GL2XPuG8 =/0B6 -----END PGP SIGNATURE-----
Current thread:
- AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow Adonis.No.Spam (Mar 07)
- Re: AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow Douglas Pichardo (Mar 08)
- <Possible follow-ups>
- RE: AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow John Adair (Mar 07)
- RE: AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow leon (Mar 10)