Vulnerability Development mailing list archives

Re: ICQ exploit

From: Blake Frantz <blake () MC NET>
Date: Wed, 28 Mar 2001 16:20:19 -0600

I don't think that (sequential run...) would work.  You still need a valid
password for the account in order to connect to the ICQ network.  Most
chat clients like ICQ/Yahoo Messenger/etc... behave in the same manner.

Blake

=================================================================
The Government, like diapers, should be replaced regularly, and
often for the same reasons.

On Mon, 26 Mar 2001, Geo. wrote:

While playing around with my laptop and desktop today I noticed something
with ICQ.

If you have ICQ setup on 2 machines using the same ICQ number, as soon as
the second machine starts ICQ up the first machine gets an error about your
ICQ number being used on another machine and immediately takes ICQ off line.

I don't know the mechanism that allows this but has anyone considered an
exploit based upon this mechanism? Seems to me a sequential run could knock
a whole bunch of people off ICQ..

Geo.

Current thread:

Re: Positive uses for rootkits, (continued)
- - - Re: Positive uses for rootkits Kev (Mar 28)
    - Re: Positive uses for rootkits Ryan Permeh (Mar 29)
    - Kernel-level security (was Re: Positive uses for rootkits) Craig Boston (Mar 29)
    - Re: Positive uses for rootkits Gregor Binder (Mar 29)
- Re: Positive uses for rootkits Bosschert, B. (is-ks) (Mar 23)
  - ICQ exploit Geo. (Mar 28)
    - Re: ICQ exploit Jonathan James (Mar 28)
    - Re: ICQ exploit Mikko Ruskola (Mar 28)
    - Re: ICQ exploit Knud Erik Højgaard - CyberCity Support (Mar 28)
    - Re: ICQ exploit John (Mar 28)
    - Re: ICQ exploit Blake Frantz (Mar 28)