[23757] in bugtraq
Re: ICQ remote buffer overflow vulnerability
daemon@ATHENA.MIT.EDU (elijah wright)
Tue Jan 8 17:08:09 2002
Date: Mon, 7 Jan 2002 16:33:44 -0500 (EST)
From: elijah wright <elw@stderr.org>
To: Daniel Tan <datan@seas.upenn.edu>
Cc: bugtraq@securityfocus.com
In-Reply-To: <3C38ACAB.474676E2@seas.upenn.edu>
Message-ID: <Pine.LNX.4.43.0201071633040.21563-100000@eckhart.stderr.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> This is very similar to the AIM overflow recently discovered.
> ICQ protocol uses the same TLV (2711) packet and there is a similar
> weakness in the parsing of the packet.
duh, that's because its essentially the same protocol. :)
ICQ clients should probably be viewed with the same suspicion as the
vulnerable AIM clients.
elijah
