Re: ICQ remote buffer overflow vulnerability
From: Daniel Tan (datan@seas.upenn.edu)Date: 01/06/02
- Previous message: secure@conectiva.com.br: "[CLA-2002:449] Conectiva Linux Security Announcement - mutt"
- In reply to: Daniel Tan: "ICQ remote buffer overflow vulnerability"
- Next in thread: elijah wright: "Re: ICQ remote buffer overflow vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 06 Jan 2002 16:09:44 -0500 From: Daniel Tan <datan@seas.upenn.edu> To: bugtraq@securityfocus.com
I've discovered that the same payload can be sent through Direct
Connection with the receiver, even with the DC settings set to
maximum (ie. allow only users on my contact list, allow DC
upon authorisation, do not allow older version of clients to DC).
If the sender is 'trusted' (ie. on the users' contact list), the
sender can establish a TCP connection with the users' listening
port even if DC settings are on maximum (in which case the
receiver's IP & port are not given to the sender, but one can
find this out in other ways eg. email header + port scan).
Whereas having the payload sent through the server allows a
possible remedy in having the server check for malformed packets,
being able to send the packet directly to the client takes away
that possibility.
Again, this works only for ICQ2000 clients.
-------------
Daniel Tan
Class of 2004
Jerome Fisher Management & Technology Program
University of Pennsylvania, USA
datan@seas.upenn.edu
datan@wharton.upenn.edu
-------------
- Previous message: secure@conectiva.com.br: "[CLA-2002:449] Conectiva Linux Security Announcement - mutt"
- In reply to: Daniel Tan: "ICQ remote buffer overflow vulnerability"
- Next in thread: elijah wright: "Re: ICQ remote buffer overflow vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
