This is hardly 0-day, and I think that the authors of this advisory know it. I'm sure that AOL has also been made aware of it many times over. There are also numerous other buffer overflows, including sending files with overly long filenames, sending invalid font tags, buddy icons which are malformed, etc, etc.

There has been a program out for months, in fact, which allows a person to use their normal AIM client to kick people off. This program has been around for months, and has been open source for months. I will not name that program here because there are no doubt numerous kiddies who would love to be able to punt, but it is out there. (Hello, Robbie.)

A little more detail on the exploit which Angrypacket supposedly discovered:

It affects all of AOL's versions of AIM for Win32. It also affects all versions of Netscape's AIM, with the exception of the AIM program included with Netscape 6.1. It affects gAIM, but only when the user is connected to gAIM via the Oscar protocol.

It does not appear to affect Mac clients, or AOL's Java client. It does not appear to affect any clients which connect via the TOC protocol, namely TiK, miniTiK, tnt, jaim, jam, etc, due to limitations in the size of the commands you can send to the server through TOC. When a person using TOC has a punt attempt against them, it simply says, "The previous message was too long and could not be displayed."

I am not sure about applications like Jabber, Trillian, Odigo, etc, as I have not looked into what protocol they use to connect to AIM, nor have I tested those clients.

I hope this helps clear up any questions which could easily have been created by the vagueness of this advisory.

BlueJAMC
DKG/CTC

-----Original Message-----
From: Tony Lambiris [mailto:methodic@slartibartfast.angrypacket.com]
Sent: Tuesday, October 02, 2001 5:54 PM
To: bugtraq@securityfocus.com
Subject: AIM 0day DoS

We just finished writing a proof-of-concept DoS exploit for the bug recently found in AIM (at least for Windows..).

It can be found at: http://sec.angrypacket.com
Under the 'code' section.

--
Tony Lambiris [methodic@slartibartfast.angrypacket.com]
http://www.openbsd.org && http://www.openssh.com
"Anyone who truly understands the power of UNIX wouldn't use anything else."