[10124] in bugtraq
Re: ICQ Webserver bug
daemon@ATHENA.MIT.EDU (Ronald A. Jarrell)
Wed Apr 7 15:26:45 1999
Date: Tue, 6 Apr 1999 13:42:53 -0400
Reply-To: "Ronald A. Jarrell" <jarrell@VTSERF.CC.VT.EDU>
From: "Ronald A. Jarrell" <jarrell@VTSERF.CC.VT.EDU>
X-To: Kerb <kerb@CANA.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Tue, 30 Mar 99 06:16:58 GMT."
<19990330061718Z227355-23324+81@fire.netspace.org>
>From: Kerb <kerb@CANA.NET>
>I am writing this in reply to the message posted by Ronald A. Jarrell
>entitled `icq DOS / possible "stupid user" vulnerability`. What
>platforms did you test that exploit on? I tested it on an x86 NT
>machine (Intel 233 w/ 32 MB of RAM) locally and remotely, dropped it
>both times. It did not seem to work on Windows 95, and maybe 98
>(havent gotten a chance to test yet). I have a bit of exploit code
Well, my box was win 98, and the remote box I tested it against was
win 95. Didn't have anyone running NT handy to test against. However,
another person I corresponded with who was testing this did get it to
drop a 95 box, but not every time. Did it every time for me; but there's
apparently other factors that contribute as well.
--
Ron Jarrell
VA Tech Computing Center
