Re: ICQ remote buffer overflow vulnerability

From: 'ken'@FTU
Date: Tue Jan 08 2002 - 23:06:24 CET


elijah wright wrote:

>>This is very similar to the AIM overflow recently discovered.
>>ICQ protocol uses the same TLV (2711) packet and there is a similar
>>weakness in the parsing of the packet.
>>
>
> duh, that's because it's essentially the same protocol. :)

I disagree: there is an important distinction between the protocol (the
rules) and the parsing of the data (the implementation).

> ICQ clients should probably be viewed with the same suspicion as the
> vulnerable AIM clients.

This assumes that the coders who developed ICQ made the same errors as
the coders who developed AIM.

I happen to agree, but not because they use the same protocol. I agree
because many programmers do not know how to code (and parse) safely...

'ken'
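
The protocol/implementation distinction drawn in the message above, as an added example that is not part of the original post or of any ICQ or AIM client: a TLV walker that validates every wire-supplied length before copying. The field layout (2-byte type, 2-byte big-endian length), the reading of "2711" as 0x2711, and all names and sample packets are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed layout: 2-byte type, 2-byte length (big-endian), then the value. */
#define TLV_HDR 4
enum { TLV_OK = 0, TLV_NOT_FOUND = -1, TLV_TRUNCATED = -2, TLV_TOO_BIG = -3 };

/* Constructed sample packets, not captured traffic. */
static const uint8_t pkt_ok[]  = { 0x00,0x01, 0x00,0x02, 'h','i',
                                   0x27,0x11, 0x00,0x04, 'd','a','t','a' };
static const uint8_t pkt_lie[] = { 0x27,0x11, 0x01,0x00, 'x','y','z' }; /* claims 256, carries 3 */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Copy the value of the first TLV of type `want` into out[0..out_cap).
 * The declared length is checked against the bytes actually received and
 * against the destination capacity before anything is copied. */
int tlv_copy(const uint8_t *buf, size_t len, uint16_t want,
             uint8_t *out, size_t out_cap, size_t *out_len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < TLV_HDR) return TLV_TRUNCATED;  /* partial header */
        uint16_t type = be16(buf + off);
        size_t vlen = be16(buf + off + 2);
        off += TLV_HDR;
        if (vlen > len - off) return TLV_TRUNCATED;     /* length exceeds packet */
        if (type == want) {
            if (vlen > out_cap) return TLV_TOO_BIG;     /* would overflow out[] */
            memcpy(out, buf + off, vlen);
            *out_len = vlen;
            return TLV_OK;
        }
        off += vlen;                                    /* skip unrelated TLV */
    }
    return TLV_NOT_FOUND;
}

int main(void)
{
    uint8_t out[8]; size_t n = 0;
    printf("well-formed:  %d\n", tlv_copy(pkt_ok, sizeof pkt_ok, 0x2711, out, sizeof out, &n));
    printf("lying length: %d\n", tlv_copy(pkt_lie, sizeof pkt_lie, 0x2711, out, sizeof out, &n));
    printf("small buffer: %d\n", tlv_copy(pkt_ok, sizeof pkt_ok, 0x2711, out, 2, &n));
    return 0;
}
```

The same bytes on the wire are safe or unsafe depending only on whether the two length checks are present, which is the implementation property the message refers to.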



This archive was generated by hypermail 2.1.3 : Tue Jan 08 2002 - 23:43:08 CET