Bugtraq mailing list archives

Re: Advisory: Licq DoS +exploit

From: Graham Roff <graham () LICQ ORG>
Date: Mon, 26 Feb 2001 17:06:12 -0500

sent to a port it is listening on.  Further testing showed that sending a
certain amount of data to the port the Remote Management Service (RMS)
plugin listens on it too would cause Licq to crash or lock up.  The
amount of data needed to be sent to crash Licq may vary from system to
system.  On the Red Hat linux 7.0 system I used 16707 or more bytes sent
to the port Licq was listening on was enough to crash it.  Sending around
12000 or more characters to the RMS plugin port was enough to crash Licq


The actual problem is due to line parsing code which uses a fixed length
(dynamically allocated) buffer of 1024 bytes.  Any string of characters
longer then 1024 without a newline will crash the server.  This has been
fixed in the latest CVS tree which will be released along with Licq 1.0.3
very soon.

_____________________________________________________________________
Graham Roff                         groff () engmail uwaterloo ca
University of Waterloo              ICQ #2127503
Computer Engineering                Canada

Nolites tes bastardes carborundorum

Current thread:

Advisory: Licq DoS +exploit Stanley G. Bubrouski (Feb 20)
- Re: Advisory: Licq DoS +exploit Graham Roff (Feb 27)
- <Possible follow-ups>
- Re: Advisory: Licq DoS +exploit Stanley G. Bubrouski (Feb 28)