Vulnerability Development mailing list archives

Re: AIM 3.0


From: ras () SLARTIBARTFAST MAGRATHEA COM (Robert A. Seace)
Date: Sat, 30 Oct 1999 19:44:47 -0400


In the profound words of 'Blue Boar':

[snip...]
As for overflows... there was the twisted rumor situation about AIM
overflows, apparently spread by an MS employee??  Anyone ever get
verification on that one?

        Well, it sure seems like more than just rumor...  I've seen
a couple pages where people examine the situation in detail, and
come to the obvious conclusion that it's for real...  One good
page is "http://www.ozemail.com.au/~geoffch/security/aim/"...
He does a comprehensive analysis, and shows that the overflow
does seem to exist, and that the packet that others captured
coming from AOL does indeed seem to use that overflow to execute
arbitrary code within the packet...  Another related page is
"http://www.robertgraham.com/pubs/aol-exploit/" (especially
"message.c", there; which was a BugTraq posting at one point)...

        Now, I haven't actually done my own analysis, so I can't
say for certain it's really for real, but I think it sure LOOKS
that way, at least... *shrug*  However, I suspect that AOL has
already long ago stopped exploiting the hole itself, if it ever
really did...  But, it sounds like the hole is still THERE,
regardless...

--
||========================================================================||
|| Robert A. Seace ||               URL              || ras () magrathea com ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"So this is it, we are going to die." "Yes, except...no! Wait a minute! What's
 this switch?" "What? Where?" "No, I was only fooling, we are going to die
 after all." - THGTTG


