Bugtraq mailing list archives

Re: ICQ Buffer Overflow Exploit

From: mattison () WEBOVISION COM (Dennis W. Mattison (Little Wolf))
Date: Wed, 12 Jan 2000 21:09:48 -0800


Two things:

1. I am not able to verify this vulnerability under Windows98, running ICQ
99b Beta 3.19 Build 2569.  I tried sending excessively long URL's using
the URL message send (I could not find a way of sending a URL during chat,
other than typing it in the window, you might send out the instructions on
how to do this) and was unable to buffer overflow the program.  I'll keep
trying, there might be something I am not doing right...

2. I do not agree with your fix, however.  There is a much simpler fix
available, go into the Preferences window, select the Events tab, select
the URL setting on the "Select Event to Configure" combobox and then
select "Auto Decline."  This appears to shut down the http event.  I've
tried sending URL messages back and forth between two machines and was
unable to receive them.  I've turned all events off in ICQ, it is much
easier to tell someone I am chatting with to look at a particular URL
without using the URL message capability.

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of drew
copley
Sent: Tuesday, January 11, 2000 10:31 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: ICQ Buffer Overflow Exploit

Buffer Overflow in ICQ
--Stuff Deleted--

---
Dennis W. Mattison (Little Wolf)
(This message should be signed, please verify signature if you suspect
fraud.)


<HR NOSHADE>
<UL>
<LI>application/x-pkcs7-signature attachment: smime.p7s
</UL>

Current thread:

Password issue in Axent ESM 5.0.1 Console, (continued)
- - - Password issue in Axent ESM 5.0.1 Console Todd (Jan 12)
    - Re: Password issue in Axent ESM 5.0.1 Console Scott Blake (Jan 14)
    - Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x Ussr Labs (Jan 13)
    - Re: NIS2k Brad Griffin (Jan 13)
    - Misleading sense of security in Netscape Craig Ruefenacht (Jan 13)
    - Re: Misleading sense of security in Netscape Jefferson Ogata (Jan 18)
    - New MySQL Available Scott (Jan 13)
    - BindView Security Advisory: Local Promotion Vulnerability in Windows NT 4 BindView Security Advisory (Jan 13)
    - Microsoft Security Bulletin (MS00-003) Microsoft Product Security (Jan 13)
    - ICQ Buffer Overflow Exploit drew copley (Jan 11)
    - Re: ICQ Buffer Overflow Exploit Dennis W. Mattison (Little Wolf) (Jan 12)
    - Re: ICQ Buffer Overflow Exploit Michael DeSimone (Jan 13)
    - Re: ICQ Buffer Overflow Exploit Tom Schumm (Jan 14)
    - Re: ICQ Buffer Overflow Exploit Simon Steed (Jan 13)
    - Anyone can take over virtually any domain on the net... Thomas Reinke (Jan 11)
    - Re: Anyone can take over virtually any domain on the net... Jon Lewis (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Jeffrey Paul (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Chris Adams (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Shafik Yaghmour (Jan 13)
    - Re: Anyone can take over virtually any domain on the net... Nick Lamb (Jan 15)
    - Re: Anyone can take over virtually any domain on the net... Kurt Seifried (Jan 13)

(Thread continues...)