[13369] in bugtraq
Re: ICQ Buffer Overflow Exploit
daemon@ATHENA.MIT.EDU (Michael DeSimone)
Sat Jan 15 03:27:43 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <007001bf5e20$e62df840$380f18d0@facilityshopper.com>
Date: Thu, 13 Jan 2000 17:49:56 -0600
Reply-To: Michael DeSimone <michael@DESIMONE.NET>
From: Michael DeSimone <michael@DESIMONE.NET>
X-To: "Dennis W. Mattison (Little Wolf)" <mattison@WEBOVISION.COM>,
BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
I was sort of able to duplicate the buffer over flow. The following is the
steps I took and the results:
Copy the original URL from the original notice (sites.yahoo etc...) to
include the binary exclamation marks et. all.
Downloaded complied assembly code for a little cube generator and open in
UE32.
Paste in the URL etc.
Copy all of it and paste it into the URL section of ICQ's send a web
address.
Con my wife into opening the URL.
Listen to her bitch at me for crashing her computer.
Doing this did not execute the binary code that was placed at the end of the
URL but did cause an unwanted, adverse reaction from the OS Win 98 Release1.
That resulted in a reboot.
I have not had a chance to witness 1st hand what happened on her box but
from her description I believe it at least crashed the TCP/IP stack
(surprise) and some memory issues as well.
I will have a chance to further investigate tonight and will follow up.
Michael DeSimone
Computer Stuff
----- Original Message -----
From: Dennis W. Mattison (Little Wolf) <mattison@WEBOVISION.COM>
To: <BUGTRAQ@SECURITYFOCUS.COM>
Sent: Wednesday, January 12, 2000 11:09 PM
Subject: Re: ICQ Buffer Overflow Exploit
Two things:
1. I am not able to verify this vulnerability under Windows98, running ICQ
99b Beta 3.19 Build 2569. I tried sending excessively long URL's using
the URL message send (I could not find a way of sending a URL during chat,
other than typing it in the window, you might send out the instructions on
how to do this) and was unable to buffer overflow the program. I'll keep
trying, there might be something I am not doing right...
2. I do not agree with your fix, however. There is a much simpler fix
available, go into the Preferences window, select the Events tab, select
the URL setting on the "Select Event to Configure" combobox and then
select "Auto Decline." This appears to shut down the http event. I've
tried sending URL messages back and forth between two machines and was
unable to receive them. I've turned all events off in ICQ, it is much
easier to tell someone I am chatting with to look at a particular URL
without using the URL message capability.
-----Original Message-----
From: Bugtraq List [mailto:BUGTRAQ@SECURITYFOCUS.COM]On Behalf Of drew
copley
Sent: Tuesday, January 11, 2000 10:31 AM
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: ICQ Buffer Overflow Exploit
Buffer Overflow in ICQ
--Stuff Deleted--
---
Dennis W. Mattison (Little Wolf)
(This message should be signed, please verify signature if you suspect
fraud.)
