Bugtraq mailing list archives

ICQ remote DoS

From: philip_stoev () INAME COM (Philip Stoev)
Date: Fri, 10 Mar 2000 20:06:43 +0200


This does not seem something extraordinary, but somebody may find a ground
to expand upon:

ICQ Version 99b Beta v.3.19 Build #2569
freshly downloaded today from www.icq.com

The My ICQ Page functionality turns ICQ user's PC into (sort of) a web
server, listening on port 80. This web server serves an ready-made page with
various things on it, and among them -- a guestbook. Submissions to this
guestbook are hanlded by guestbook.cgi script.

When an external visitor requests an URL like

http://icq-user-ip-address-here/guestbook.cgi

, he or she will get a Forbidden HTTP reply. However, if the URL is

http://icq-user-ip-address-here/guestbook.cgi

(with a ? at the end), ICQ will crash with a simple GPF.

I must admit that I did not bother to notify the developers, because the TOS
that pop up every now and them discourage me to do so.

Philip

Current thread:

Re: a few bugs ..., (continued)
- - - Re: a few bugs ... Thomas Roessler (Mar 15)
    - Re: a few bugs ... Michal Zalewski (Mar 17)
    - Patch: ip_masq_ftp / Linux 2.2.x (extended FTP ALG vulnerabilty) Bjarni R. Einarsson (Mar 20)
    - Microsoft Security Bulletin (MS00-018 Microsoft Product Security (Mar 20)
    - Re: a few bugs ... Coke (Mar 20)
    - Re: a few bugs ... Daniel Jacobowitz (Mar 20)
    - Re: a few bugs ... Michal Zalewski (Mar 20)
    - DoS with NAVIEG PAUL VanDyke (Mar 17)
    - [ANNOUNCE] strace for NT tsabin () RAZOR BINDVIEW COM (Mar 13)
    - Linux patch for blocking buffer overflow based attacks massimo () IAC RM CNR IT (Mar 10)
    - ICQ remote DoS Philip Stoev (Mar 10)
  - TESO advisory -- atsadc krahmer () CS UNI-POTSDAM DE (Mar 11)
  - Re: [ Hackerslab bug_paper ] Linux printtool get printer passwor Brian Knotts (Mar 13)
- Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Jason Lutz (Mar 09)
  - Re: Enumerate Root Web Server Directory Vulnerability for IIS 4.0 Chris Paget (Mar 17)
  - SQL Server Vulnerability details Chip Andrews (Mar 18)
- Re: PGP Signatures security BUG! Florian Weimer (Mar 10)
  - Re: PGP Signatures security BUG! Will Price (Mar 20)
  - Esafe Protect Gateway (CVP) does not scan virus under some conditions Hugo.van.der.Kooij () CAIW NL (Mar 21)
    - Re: Esafe Protect Gateway (CVP) does not scan virus under some conditions Alon Rotem (Mar 24)
  - Security bug in Apache project: Jakarta Tomcat Jan Madsen (Mar 21)

(Thread continues...)