Vulnerability Development mailing list archives

RE: AIM including the beta 4.8.2646 Local/Remote Buffer Overflow


From: "leon" <leon () inyc com>
Date: Sun, 10 Mar 2002 01:39:47 -0500


AIM on Mac OS X does not appear to be vulnerable. It gives a message
complaining about screenname length. I can confirm that indeed all
versions of AIM 4.3 - 4.8 are vulnerable (on Windows).

Regards,

Leon

-----Original Message-----
From: John Adair [mailto:J.Adair () SempermedUSA com] 
Sent: Thursday, March 07, 2002 1:34 PM
To: vuln-dev () securityfocus com
Subject: RE: AIM including the beta 4.8.2646 Local/Remote Buffer Overflow


If anyone wants the dump file please e-mail me off list. I was able
to overwrite the edi, but I am sure we can find more given enough
research.

I'm at work so I can't look into this issue too much, but here is
what I found in a couple of minutes. I was able to craft my link to
overwrite a few registers on the stack. I attached the dump I got
from my first test. I used a larger buffer than what the advisory
stated, but not much larger. On a side note, I had to reboot to get
AIM to start up again, and when I tried starting it up again (before
the reboot) my machine froze. On another machine it crashed the
entire system when Dr Watson was generating the dump file.



