[19391] in bugtraq
Re: Bug / DoS in LICQ & Gnome-ICU
daemon@ATHENA.MIT.EDU (Graham Roff)
Tue Feb 27 15:49:22 2001
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-ID: <Pine.LNX.4.33.0102261626310.9481-100000@tuna.localdomain>
Date: Mon, 26 Feb 2001 16:29:04 -0500
Reply-To: Graham Roff <graham@LICQ.ORG>
From: Graham Roff <graham@LICQ.ORG>
X-To: -No Strezzz Cazzz <Butterphly6@cazzz.demon.nl>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <00cd01c094da$b2c68570$ae1beed4@unit909>
> Bug / DoS in LICQ (all versions) and Gnome-ICU (all versions)
>
> The sending of a .rtf file/document (rich text file) to one of the versions
> mentioned above will crash LICQ/Gnome-ICU on the target computer and it will
> close itself down after that. The error is probable the problem that
> Unix/Linux have with .rtf documents. Its not the .rtf extension itself,
> renamed rich text files have the same effect. So we can conclude that the
> problem is the content.
>
> This is tested from NT4 and NT5 workstations (running ICQ 2000b) to various
> Linux distro's (as "cooperating targets").
>
> Try it yourself en please let us know the results (if they vary from the
> results mentioned above). Please mail us at:
The actual data being received is never even examined by Licq. It is not
really possible for a correctly sent file transfer packet to cause
problems given the incredible simplicity of the protocol used. It is far
more likely that the icq client you are using is screwing up and sending
odd packets which screw up the remote client.
What exactly is the problem that Unix/Linux has with rtf files anyway?
_____________________________________________________________________
Graham Roff groff@engmail.uwaterloo.ca
University of Waterloo ICQ #2127503
Computer Engineering Canada
Nolites tes bastardes carborundorum
