Bugtraq mailing list archives
Re: ICQ Buffer Overflow Exploit
From: michael () DESIMONE NET (Michael DeSimone)
Date: Thu, 13 Jan 2000 17:49:56 -0600
I was sort of able to duplicate the buffer overflow. The following are the steps I took and the results:

- Copy the original URL from the original notice (sites.yahoo etc...) to include the binary exclamation marks et al.
- Downloaded compiled assembly code for a little cube generator and opened it in UE32.
- Paste in the URL etc.
- Copy all of it and paste it into the URL section of ICQ's send a web address.
- Con my wife into opening the URL.
- Listen to her bitch at me for crashing her computer.

Doing this did not execute the binary code that was placed at the end of the URL but did cause an unwanted, adverse reaction from the OS, Win 98 Release 1, that resulted in a reboot. I have not had a chance to witness first hand what happened on her box, but from her description I believe it at least crashed the TCP/IP stack (surprise) and caused some memory issues as well. I will have a chance to further investigate tonight and will follow up.

Michael DeSimone
Computer Stuff

----- Original Message -----
From: Dennis W. Mattison (Little Wolf) <mattison () WEBOVISION COM>
To: <BUGTRAQ () SECURITYFOCUS COM>
Sent: Wednesday, January 12, 2000 11:09 PM
Subject: Re: ICQ Buffer Overflow Exploit

Two things:

1. I am not able to verify this vulnerability under Windows98, running ICQ 99b Beta 3.19 Build 2569. I tried sending excessively long URLs using the URL message send (I could not find a way of sending a URL during chat, other than typing it in the window, you might send out the instructions on how to do this) and was unable to buffer overflow the program. I'll keep trying, there might be something I am not doing right...

2. I do not agree with your fix, however. There is a much simpler fix available: go into the Preferences window, select the Events tab, select the URL setting on the "Select Event to Configure" combobox and then select "Auto Decline." This appears to shut down the http event. I've tried sending URL messages back and forth between two machines and was unable to receive them.

I've turned all events off in ICQ; it is much easier to tell someone I am chatting with to look at a particular URL without using the URL message capability.

-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ () SECURITYFOCUS COM]On Behalf Of drew copley
Sent: Tuesday, January 11, 2000 10:31 AM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: ICQ Buffer Overflow Exploit

Buffer Overflow in ICQ

--Stuff Deleted--

---
Dennis W. Mattison (Little Wolf)
(This message should be signed, please verify signature if you suspect fraud.)