Bugtraq mailing list archives

Re: ICQ Buffer Overflow Exploit


From: tom () ISMI NET (Tom Schumm)
Date: Fri, 14 Jan 2000 13:07:23 -0500


1. I am not able to verify this vulnerability under Windows98, running ICQ
99b Beta 3.19 Build 2569.  I tried sending excessively long URLs using
the URL message send (I could not find a way of sending a URL during chat,
[snip...]

I believe the buffer overflow is in the regular text messages, NOT the URL
messages.  ICQ usually parses and highlights URLs typed into messages.  I
just tried sending a really long URL in a message with the same version of
ICQ under Windows 98 and the client crashed as soon as I clicked on the URL.
It will also die if you open up the message in the history and click on the
URL.

2. I do not agree with your fix, however.  There is a much simpler fix
available, go into the Preferences window, select the Events tab, select
the URL setting on the "Select Event to Configure" combobox and then
select "Auto Decline."  This appears to shut down the http event.
[snip...]

Since the problem is in the regular messages, you can't very well decline
all of those.  It is probably best just to auto-decline all the ones that
aren't from people you know (i.e. those folks on your contact list).  As far
as I can tell, the overflow doesn't happen just by viewing the message - you
have to click on the URL.  If that's the case, you might just be able to
avoid the problem by not clicking on those long URLs.

