[27172] in bugtraq
RE: Trillian Remote DoS Attack - AIM
daemon@ATHENA.MIT.EDU (Joshua Wright)
Tue Sep 24 14:50:40 2002
Date: Tue, 24 Sep 2002 08:43:18 -0400
Message-ID: <156AA90517398D479A3473C35CE99EDD93302E@pvdexc99.jwu.edu>
From: "Joshua Wright" <Joshua.Wright@jwu.edu>
To: <bugtraq@securityfocus.com>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I was unable to reproduce a Trillian crash in this manner.

Using Trillian 0.74b on Windows XP sp1, test client Windows 2000 sp2
using AOL IM 5.0.2938.

Sent strings "P > O < C", "ee > 3e < 3dsaf", "3 > 3 < 3",
"computer > security < now" using a variety of fonts in AOL IM. Did not
see a significant jump in CPU or memory utilization.
- -Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright@jwu.edu
pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
> Impact
> Trillian crashes and you have to restart. Bonus is if you
> keep crashing the person, AIM services will ban them for
> login flooding (Timed Ban).
> #########################
> # Offending Data String #
> #########################
> Send an AOL IM to someone with this string anywhere in the message
> (the spaces must be there)
>
> P > O < C
>
> And it will cause the application to crash. Other data
> strings do work IE
> ee > 3e < 3dsaf
> 3 > 3 < 3
> computer > security < now
>
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPZBd5o/i/ArUS0pzEQK2KwCePKyvZfvNAiCnhzlAWgsuCsDiGkEAoPs7
oWbp8KSm0iK89qcb+xc3Vg7w
=DdUp
-----END PGP SIGNATURE-----