Vulnerability Development mailing list archives
Re: ICQ exploit
From: Guillaume Belanger <GBelanger () CORADIANT COM>
Date: Thu, 29 Mar 2001 10:21:11 -0500
Well its quite obvious to me that the ICQ client has a way to authenticate messages which are sent from the servers at mirabilis.com and those sent from third parties. Youcould basically spoof any kind of incoming message from the system and do all kinds of nasty stuff providing you can lead the client side to believe you are mirabilis servers .. Guillaume Bodie <mclarkc () ESSEX AC. To: VULN-DEV () SECURITYFOCUS COM UK> cc: Sent by: VULN-DEV Subject: Re: ICQ exploit List <VULN-DEV@SECURITY FOCUS.COM> 03/28/01 08:49 PM Please respond to Bodie On Wed, 28 Mar 2001, Ed Rolison wrote:
While playing around with my laptop and desktop today I noticed
something
with ICQ. If you have ICQ setup on 2 machines using the same ICQ number, as soon
as
the second machine starts ICQ up the first machine gets an error about
your
ICQ number being used on another machine and immediately takes ICQ off
line.
I don't know the mechanism that allows this but has anyone considered an exploit based upon this mechanism? Seems to me a sequential run could
knock
a whole bunch of people off ICQ..I've noticed this behaviour, although correct me if I'm wrong, but to do
this
you need to actually log on to ICQ - thus you can't do it, because you'd
need to
crack every account...
I'm not sure about this, i'm gunna check it out tonight, but i think it would be possible to forge the message that is sent to the client to make it disconnect, and if that is possible then it definately is possible to crash the icq network completely quite easily
Current thread:
- Re: ICQ exploit Ed Rolison (Mar 28)
- Re: ICQ exploit Bodie (Mar 28)
- <Possible follow-ups>
- Re: ICQ exploit George (Mar 28)
- Re: ICQ exploit Knud Erik Højgaard - Cybercity support (Mar 29)
- Re: ICQ exploit Guillaume Belanger (Mar 29)