Vulnerability Development mailing list archives
FW: AOL IM 4.7 d0s 0-Day
From: "leon" <leon () inyc com>
Date: Sat, 29 Sep 2001 20:08:24 -0400
Forget it blue boar those are the wrong packets. Maybe just post it without the packets. -----Original Message----- From: leon [mailto:leon () inyc com] Sent: Saturday, September 29, 2001 7:34 PM To: 'vuln-dev () securityfocus com' Subject: FW: AOL IM 4.7 d0s 0-Day -----Original Message----- From: leon [mailto:leon () inyc com] Sent: Saturday, September 29, 2001 7:32 PM To: 'vuln-dev () securityfocus com' Subject: AOL IM 4.7 d0s 0-Day Hi everyone, There is currently a 0-Day exploit for aol im that allows anyone to boot you just by sending an im, It is similar to the old ̂ bootstring. I have managed to get a debug of it along with a capture of the packets. Can anyone help me figure out how to defend against this or in the very least explain what is going on (since I don't have coding skillz). I managed to capture the packets with iris 2.0 and they are now .cap files. Can anyone help me A) recreate the exploit & B) tell me how to defend against it? Cheers, Leon Please mail me offline for the debug
Attachment:
1st packet.cap
Description:
Attachment:
2nd packet.cap
Description:
Current thread:
- FW: AOL IM 4.7 d0s 0-Day leon (Sep 29)
- <Possible follow-ups>
- FW: AOL IM 4.7 d0s 0-Day leon (Sep 29)
- Re: AOL IM 4.7 d0s 0-Day VeNoMouS (Sep 30)
- Re: AOL IM 4.7 d0s 0-Day austin (Sep 30)
- Re: AOL IM 4.7 d0s 0-Day VeNoMouS (Sep 30)
- Re: AOL IM 4.7 d0s 0-Day dev-null (Sep 30)