Re: ICQ remote buffer overflow vulnerability
From: 'ken'@FTUDate: 01/08/02
- Previous message: Bjorn Djupvik: "svindel.net security advisory - web admin vulnerability in CacheOS"
- In reply to: elijah wright: "Re: ICQ remote buffer overflow vulnerability"
- Next in thread: Nick FitzGerald: "Re: ICQ remote buffer overflow vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 08 Jan 2002 17:06:24 -0500 From: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com> To: elijah wright <elw@stderr.org>
elijah wright wrote:
>>This is very similar to the AIM overflow recently discovered.
>>ICQ protocol uses the same TLV (2711) packet and there is a similar
>>weakness in the parsing of the packet.
>>
>
> duh, that's because its essentially the same protocol. :)
I disagree: there is an important distinction between the protocol (the
rules) and the parsing of the data (the implementation).
> ICQ clients should probably be viewed with the same suspicion as the
> vulnerable AIM clients.
This assumes that the coders who developed ICQ made the same errors as
the codes who developed AIM.
I happen to agree, but not because they use the same protocol. I agree
because many programmers do not know how to code (and parse) safely...
'ken'
- Previous message: Bjorn Djupvik: "svindel.net security advisory - web admin vulnerability in CacheOS"
- In reply to: elijah wright: "Re: ICQ remote buffer overflow vulnerability"
- Next in thread: Nick FitzGerald: "Re: ICQ remote buffer overflow vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
