Re: ICQ remote buffer overflow vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Daniel Tan <datan@seas.upenn.edu>
Subject: Re: ICQ remote buffer overflow vulnerability
From: elijah wright <elw@stderr.org>
Date: Mon, 7 Jan 2002 16:33:44 -0500 (EST)
Cc: bugtraq@securityfocus.com
In-reply-to: <3C38ACAB.474676E2@seas.upenn.edu>


> This is very similar to the AIM overflow recently discovered.
> ICQ protocol uses the same TLV (2711) packet and there is a similar
> weakness in the parsing of the packet.

duh, that's because its essentially the same protocol.  :)

ICQ clients should probably be viewed with the same suspicion as the
vulnerable AIM clients.

elijah

Follow-Ups:
- Re: ICQ remote buffer overflow vulnerability
  - From: 'ken'@FTU
- Re: ICQ remote buffer overflow vulnerability
  - From: Daniel Tan

References:
- ICQ remote buffer overflow vulnerability
  - From: Daniel Tan

Prev by Date: Re: Aftpd core dump vulnerability
Next by Date: Re: IE https certificate attack
Previous by thread: Re: ICQ remote buffer overflow vulnerability
Next by thread: Re: ICQ remote buffer overflow vulnerability
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux