Re: AOL IM 4.7 d0s 0-Day

From: VeNoMouS (venom@phreaker.net)
Date: 09/30/01 

Message-ID: <002601c14970$a40a7c80$3100a8c0@co.nz>
From: "VeNoMouS" <venom@phreaker.net>
To: "leon" <leon@inyc.com>, <vuln-dev@securityfocus.com>
Subject: Re: AOL IM 4.7 d0s 0-Day
Date: Sun, 30 Sep 2001 17:27:47 +1200

run ethereal or something and get a proper packet log, that way if iris is
missing any certain char @ least ethereal would grab it, and we could
actally tell you whats going on.

----- Original Message -----
From: leon <leon@inyc.com>
To: <vuln-dev@securityfocus.com>
Sent: Sunday, September 30, 2001 12:08 PM
Subject: FW: AOL IM 4.7 d0s 0-Day

> Forget it blue boar those are the wrong packets. Maybe just post it
> without the packets.
>
>
> -----Original Message-----
> From: leon [mailto:leon@inyc.com]
> Sent: Saturday, September 29, 2001 7:34 PM
> To: 'vuln-dev@securityfocus.com'
> Subject: FW: AOL IM 4.7 d0s 0-Day
>
>
>
> -----Original Message-----
> From: leon [mailto:leon@inyc.com]
> Sent: Saturday, September 29, 2001 7:32 PM
> To: 'vuln-dev@securityfocus.com'
> Subject: AOL IM 4.7 d0s 0-Day
>
> Hi everyone,
>
> There is currently a 0-Day exploit for aol im that allows anyone to boot
> you just by sending an im, It is similar to the old &#770; bootstring.
> I have managed to get a debug of it along with a capture of the packets.
> Can anyone help me figure out how to defend against this or in the very
> least explain what is going on (since I don't have coding skillz). I
> managed to capture the packets with iris 2.0 and they are now .cap
> files. Can anyone help me A) recreate the exploit & B) tell me how to
> defend against it?
>
> Cheers,
>
> Leon
>
> Please mail me offline for the debug
>
>

Relevant Pages

  • FW: AOL IM 4.7 d0s 0-Day
    ... There is currently a 0-Day exploit for aol im that allows anyone to boot ... I have managed to get a debug of it along with a capture of the packets. ... Can anyone help me figure out how to defend against this or in the very ...
    (Vuln-Dev)
  • FW: AOL IM 4.7 d0s 0-Day
    ... Forget it blue boar those are the wrong packets. ... There is currently a 0-Day exploit for aol im that allows anyone to boot ... I have managed to get a debug of it along with a capture of the packets. ... Can anyone help me figure out how to defend against this or in the very ...
    (Vuln-Dev)
  • Re: Sonicwall and AOL webmail
    ... AoL sucks and has many security holes. ... It's their own adapter, which makes it ... > We have deployed a large number of Sonicwall devices (ranging from ... > packets. ...
    (comp.security.firewalls)
  • Re: Sonicwall and AOL webmail
    ... If the end result was to access AOL email, ... > We have deployed a large number of Sonicwall devices (ranging from ... > packets. ...
    (comp.security.firewalls)
  • Sonicwall and AOL webmail
    ... We have spoken with AOL, and it was indicated to us that they were ... Sonicwall, and got to the US AOL site just fine. ... Sonicwall suggested that we lower our MTU to 1300 and allow fragmented ... packets. ...
    (comp.security.firewalls)