Re: ICQ Buffer Overflow Exploit
Subject: Re: ICQ Buffer Overflow Exploit
From: Dylan Griffiths (Dylan_G BIGFOOT.COM)
Date: Wed Jan 19 2000 - 19:02:48 CST

Bryce Walter wrote:
> Yes, but how tough would it be to write your own client to send msgs on the
> icq network. MS did it w/ AOL's instant messenger. :)

If you head over to freshmeat.net, you can find a variety of ICQ protocol
clients covered under various open source licences. Most of these programs
ignore most of the restrictions of the closed source "Official" Windows ICQ
client. Any exploits will likely use a modified client, or ICQlib.

An interesting problem that arose in the past was when one of the developers of
these found you could just send a password of 9+ characters to the login
servers, and be authenticated as anyone. This buffer overflow solved the
problem of assuming the guise of a trusted individual. I think that AOL has
fixed the problem since then, but if you can masquerade as a legitimate
person (enough to get past any security settings on the target's machine),
it would be trivial to then cause problems, given that they are running ICQ
99. A lot of people will let you onto their lists just "for chat," too, so
becoming a trusted user may be trivial, regardless of ICQ login servers.

Another reason to keep the version you like of closed source apps around.
ICQ 98 exhibits none of the security holes that ICQ 99 does, AFAIK.

-- Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
This archive was generated by hypermail 2b27 : Thu Jan 20 2000 - 16:58:37 CST