[13397] in bugtraq

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Yahoo Pager/Messanger Buffer Overflow

daemon@ATHENA.MIT.EDU (Jaynus Jaynus)
Mon Jan 17 20:42:42 2000

Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
Mime-Version: 1.0
Message-Id:  <200001170655.WAA09932@mail8.bigmailbox.com>
Date:         Sun, 16 Jan 2000 22:55:44 -0800
Reply-To: Jaynus Jaynus <jaynus@GOATRANCE.COM>
From: Jaynus Jaynus <jaynus@GOATRANCE.COM>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM

While reading my bugtraq mail, I read over the ICQ overflow that had be found (suprised it came so late) so I was curious if this existed in any other clients. Upon testing the below URL, yahoo pager/messenger crashed in the same was as ICQ.

http://www.asdf.com/?

Just a quick little find, I am guessing that it should be easy to push the stack in an exploitable direction, but for the time being, it can be used as just a simple DoS attack.

- J a y n u s


 /\___ \
 \/__/\ \     __     __  __    ___   __  __    ____
    _\ \ \  /'__`\  /\ \/\ \ /' _ `\/\ \/\ \  /',__\
   /\ \_\ \/\ \L\.\_\ \ \_\ \/\ \/\ \ \ \_\ \/\__, `\
   \ \____/\ \__/.\_\\/`____ \ \_\ \_\ \____/\/\____/
    \/___/  \/__/\/_/ `/___/> \/_/\/_/\/___/  \/___/
                         /\___/
                         \/__/

------------------------------------------------------------
get yourname@goatrance.com from http://www.goatrance.com!
electronic music, mail, trance and downloads at http://www.futuretrance.com

home	help	back	first	fref	pref	prev	next	nref	lref	last	post