[23761] in bugtraq


Re: ICQ remote buffer overflow vulnerability

daemon@ATHENA.MIT.EDU ('ken'@FTU)
Tue Jan 8 17:55:38 2002

Date: Tue, 08 Jan 2002 17:06:24 -0500
From: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com>
To: elijah wright <elw@stderr.org>
Cc: Daniel Tan <datan@seas.upenn.edu>, bugtraq@securityfocus.com
Message-id: <3C3B6D60.2000302@yahoo.com>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii; format=flowed
Content-transfer-encoding: 7BIT

elijah wright wrote:

>>This is very similar to the AIM overflow recently discovered.
>>ICQ protocol uses the same TLV (2711) packet and there is a similar
>>weakness in the parsing of the packet.
>>
> 
> duh, that's because it's essentially the same protocol.  :)


I disagree: there is an important distinction between the protocol (the 
rules) and the parsing of the data (the implementation).


> ICQ clients should probably be viewed with the same suspicion as the
> vulnerable AIM clients.


This assumes that the coders who developed ICQ made the same errors as 
the coders who developed AIM.

I happen to agree, but not because they use the same protocol. I agree 
because many programmers do not know how to code (and parse) safely...

'ken'
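
The protocol/implementation distinction drawn in this message, as an added example that is not part of the original post and is not code from any ICQ or AIM client: a parser that treats the TLV length field as untrusted. Assumptions: a TLV is a 2-byte big-endian type, a 2-byte big-endian length, then the value; the "2711" above is read as hex type 0x2711; the function names, the 8-byte field and the sample packets are hypothetical and constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: 2-byte big-endian type, 2-byte big-endian length, value. */
enum { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_TOO_BIG = -2, TLV_NOT_FOUND = -3 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copy the value of the first TLV of type `want` into out[0..cap). */
int tlv_copy(const uint8_t *buf, size_t len, uint16_t want,
             uint8_t *out, size_t cap, size_t *out_len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 4) return TLV_TRUNCATED;    /* incomplete header */
        uint16_t type = be16(buf + off);
        size_t vlen = be16(buf + off + 2);
        off += 4;
        if (vlen > len - off) return TLV_TRUNCATED; /* length field exceeds data received */
        if (type == want) {
            if (vlen > cap) return TLV_TOO_BIG;     /* would overrun the destination */
            memcpy(out, buf + off, vlen);
            *out_len = vlen;
            return TLV_OK;
        }
        off += vlen;                                /* skip TLVs we do not want */
    }
    return TLV_NOT_FOUND;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t GOOD[]  = {0x00,0x01,0x00,0x02,'h','i', 0x27,0x11,0x00,0x03,'a','b','c'};
static const uint8_t LYING[] = {0x27,0x11,0x01,0x00,'A','A'};  /* claims 256 bytes, carries 2 */
static const uint8_t BIG[]   = {0x27,0x11,0x00,0x0c,'A','A','A','A','A','A','A','A','A','A','A','A'};

/* Parse into a fixed 8-byte field, as a client with a small buffer would. */
int check(const uint8_t *pkt, size_t len)
{
    uint8_t field[8];
    size_t n = 0;
    return tlv_copy(pkt, len, 0x2711, field, sizeof field, &n);
}

int main(void)
{
    printf("%d %d %d\n", check(GOOD, sizeof GOOD), check(LYING, sizeof LYING), check(BIG, sizeof BIG));
    return 0;
}
```

All three packets are well-formed as far as the type field goes; whether the oversized or lying length is rejected depends only on the two comparisons in the parser.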

