[13441] in bugtraq
Re: ICQ Buffer Overflow Exploit
daemon@ATHENA.MIT.EDU (Jeremy Johnson)
Thu Jan 20 15:03:01 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Message-Id: <4.2.0.58.20000119110410.00a69ab0@mail.real.com>
Date: Wed, 19 Jan 2000 11:05:22 +0000
Reply-To: Jeremy Johnson <jjohnson@REAL.COM>
From: Jeremy Johnson <jjohnson@REAL.COM>
X-To: Bryce Walter <brycewalter@HOTMAIL.COM>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000118194326.57510.qmail@hotmail.com>
not hard at all, numerous have already been written for linux/BSD.
http://www.freshmeat.net/search.php3?query=icq
At 07:43 PM 1/18/00 +0000, Bryce Walter wrote:
>Yes, but how tough would it be to write your own client to send msgs on the
>icq network. MS did it w/ AOL's instant messenger. :)
>
>
>
>>I have been playing with this bug a little, and it seems that ICQ only
>>picks
>>up oversize messages when they are keyed in, and not when they are pasted.
>>maybe it wouldn't be so bad if this was fixed so that at least the client
>>couldn't be used to execute this attack. :-/
>
>______________________________________________________
>Get Your Private, Free Email at http://www.hotmail.com
