[19248] in bugtraq
Re: Security hole in kicq
daemon@ATHENA.MIT.EDU (Eric Warmenhoven)
Thu Feb 15 21:47:59 2001
Message-Id: <20010215141849.A15591@lsanca1-ar4-058-092.dsl.gtei.net>
Date: Thu, 15 Feb 2001 14:18:49 -0800
Reply-To: Eric Warmenhoven <warmenhoven@YAHOO.COM>
From: Eric Warmenhoven <warmenhoven@YAHOO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0102142153470.3588-100000@wit393303.student.utwente.nl>; from w.r.kamphuis@STUDENT.UTWENTE.NL on Wed, Feb 14, 2001 at 09:56:10PM +0100
> > I tried with version 1.0.0, it is vulnerable for sure.
> > Other versions (such as 2.0.0b1) seem to be vulnerable as well,
> > though I did not compile them to try.
> >
> One little try shows that licq (http://licq.org) is vulnerable too; however, the
> complete URL will be visible to the user.
>
Kaim (http://sourceforge.net/projects/kaim) is also similarly vulnerable;
though because it's an AIM client the URL has to be crafted as an HTML link.
Kaim doesn't show you the URL before you click on it, though it does let you
copy it without going to it.
Eric