Re: AOL IM 4.7 d0s 0-Day

["VeNoMouS" <venom () phreaker net>]

run ethereal or something and get a proper packet log, that way if iris is
missing any certain char @ least ethereal would grab it, and we could
actally tell you whats going on.

----- Original Message -----
From: leon <leon () inyc com>
To: <vuln-dev () securityfocus com>
Sent: Sunday, September 30, 2001 12:08 PM
Subject: FW: AOL IM 4.7 d0s 0-Day


> Forget it blue boar those are the wrong packets.  Maybe just post it
> without the packets.
>
>
> -----Original Message-----
> From: leon [mailto:leon () inyc com]
> Sent: Saturday, September 29, 2001 7:34 PM
> To: 'vuln-dev () securityfocus com'
> Subject: FW: AOL IM 4.7 d0s 0-Day
>
>
>
> -----Original Message-----
> From: leon [mailto:leon () inyc com]
> Sent: Saturday, September 29, 2001 7:32 PM
> To: 'vuln-dev () securityfocus com'
> Subject: AOL IM 4.7 d0s 0-Day
>
> Hi everyone,
>
> There is currently a 0-Day exploit for aol im that allows anyone to boot
> you just by sending an im, It is similar to the old &#770; bootstring.
> I have managed to get a debug of it along with a capture of the packets.
> Can anyone help me figure out how to defend against this or in the very
> least explain what is going on (since I don't have coding skillz).  I
> managed to capture the packets with iris 2.0 and they are now .cap
> files.  Can anyone help me A) recreate the exploit & B) tell me how to
> defend against it?
>
> Cheers,
>
> Leon
>
> Please mail me offline for the debug