[25199] in bugtraq
DOS for Icq 2001&2002
daemon@ATHENA.MIT.EDU (Michael)
Sat Apr 20 16:41:30 2002
Date: 19 Apr 2002 12:17:15 -0000
Message-ID: <20020419121715.23979.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Michael <spacoom@gmx.net>
To: bugtraq@securityfocus.com
Icq2001b & Icq2002a Denial Of Service
---------------------------------------------------
If you send a malicious "contact" message, you can
freeze target icq.
Let's look at the contact packet (taken from Massimo
Melina documentation)
contacts-msg content is:
contacts number
0xFE
uin
0xFE
nick
0xFE
uin
0xFE
nick
...
and so on
if we set contacts number to lets say 65535 and will
send such packet, then target icq stop responding.
Task manager shows, that icq takes more and more
memory, until you kill it or it will eat all system
resources.
Proof of concept:
http://www.spacoom.net/dfm/DFM.exe
Fix: at this time - disable receiving contacts from
everyone (including your contact list)
AOL as always instead of patching the bug, trying to
threaten me, you can find there letter at
http://www.spacoom.net/dfm/aol.txt
Michael.
