[13333] in bugtraq
Re: ICQ Buffer Overflow Exploit
daemon@ATHENA.MIT.EDU (Dennis W. Mattison (Little Wolf))
Thu Jan 13 16:20:17 2000
Mime-Version: 1.0
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
micalg=SHA1; boundary="----=_NextPart_000_004B_01BF5D41.5B57C780"
Message-Id: <NDBBKELAELFPELMGBANBKEOHCAAA.mattison@webovision.com>
Date: Wed, 12 Jan 2000 21:09:48 -0800
Reply-To: "Dennis W. Mattison (Little Wolf)" <mattison@WEBOVISION.COM>
From: "Dennis W. Mattison (Little Wolf)" <mattison@WEBOVISION.COM>
X-To: drew copley <d_copley@YAHOO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000111183043.8950.qmail@web2001.mail.yahoo.com>
Two things:
1. I am not able to verify this vulnerability under Windows98, running ICQ
99b Beta 3.19 Build 2569. I tried sending excessively long URLs using
the URL message send (I could not find a way of sending a URL during chat,
other than typing it in the window; you might send out the instructions on
how to do this) and was unable to buffer overflow the program. I'll keep
trying; there might be something I am not doing right...
2. I do not agree with your fix, however. There is a much simpler fix
available: go into the Preferences window, select the Events tab, select
the URL setting on the "Select Event to Configure" combobox and then
select "Auto Decline." This appears to shut down the http event. I've
tried sending URL messages back and forth between two machines and was
unable to receive them. I've turned all events off in ICQ; it is much
easier to tell someone I am chatting with to look at a particular URL
without using the URL message capability.
-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of drew
copley
Sent: Tuesday, January 11, 2000 10:31 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: ICQ Buffer Overflow Exploit
Buffer Overflow in ICQ
--Stuff Deleted--
---
Dennis W. Mattison (Little Wolf)
(This message should be signed, please verify signature if you suspect
fraud.)