SecurityTracker.com
Category:   Application (Instant Messaging/IRC/Chat)  >   ICQ
Vendors:   America Online, Inc.
ICQ Chat Client Can Be Crashed By Remote Users Sending Malformed Contact Packets
SecurityTracker Alert ID:  1004120
SecurityTracker URL:  http://securitytracker.com/id/1004120
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 22 2002
Impact:   Denial of service via network
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): 2001b, 2002a
Description:   A denial of service vulnerability was reported in the ICQ client software. A remote user can cause the client to freeze.

It is reported that a remote user can send a malicious "contact" message to cause the target ICQ client to freeze.

If the contacts number is set to 65535 (for example) and sent to a target user, the target user's ICQ client will reportedly stop responding and will consume an increasing amount of memory on the target user's operating system.

A demonstration exploit binary is available at:

http://www.spacoom.net/dfm/DFM.exe

Impact:   A remote user can cause another user's ICQ client to crash.
Solution:   It is reported that the vendor made a change to the software (2002a Beta Build #3727) on April 19, 2002 to prevent users from contacting you unless they are on your contact list. This apparently prevents a remote user from crashing your ICQ client unless the remote user is on your contact list.
Vendor URL:  www.icq.com/
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  DOS for Icq 2001&2002




Icq2001b & Icq2002a Denial Of Service
---------------------------------------------------

If you send a malicious "contact" message, you can 
freeze the target ICQ.

Let's look at the contact packet (taken from Massimo 
Melina's documentation)

contacts-msg content is:
contacts number
0xFE 
uin
0xFE 
nick
0xFE
uin
0xFE
nick
...
and so on

If we set the contacts number to, let's say, 65535 and 
send such a packet, then the target ICQ stops responding. 
Task Manager shows that ICQ takes more and more 
memory until you kill it or it eats all system 
resources.

Proof of concept: 
http://www.spacoom.net/dfm/DFM.exe

Fix: at this time - disable receiving contacts from 
everyone (including your contact list)

AOL, as always, instead of patching the bug, is trying to 
threaten me; you can find their letter at 
http://www.spacoom.net/dfm/aol.txt


Michael.
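
Added example, not part of the original message or of the vendor's code: a receiver-side check for the contacts-msg layout quoted above that drops a message whose declared contacts number is not backed by the uin/nick fields actually present. The ASCII-decimal encoding of the count field, the MAX_CONTACTS cap and the function name validate_contacts_msg are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define SEP 0xFE
#define MAX_CONTACTS 64  /* assumed local policy cap, not from the advisory */

static int is_digit(unsigned char c) { return c >= '0' && c <= '9'; }

/* Returns the validated contact count, or -1 if the message must be dropped. */
int validate_contacts_msg(const unsigned char *buf, size_t len)
{
    size_t i = 0, start, fields = 0;
    unsigned long declared = 0;
    /* Count field: ASCII decimal up to the first separator (assumed encoding). */
    for (; i < len && buf[i] != SEP; i++) {
        if (!is_digit(buf[i])) return -1;
        declared = declared * 10 + (unsigned long)(buf[i] - '0');
        if (declared > MAX_CONTACTS) return -1;  /* reject before allocating */
    }
    if (i == 0 || i == len || declared == 0) return -1;
    /* Walk the uin/nick fields that are really present in the buffer. */
    for (start = ++i; i <= len; i++) {
        if (i < len && buf[i] != SEP) continue;
        if (i == len && start == len) break;     /* trailing separator only */
        if (fields % 2 == 0) {                   /* even fields are UINs */
            if (i == start) return -1;
            for (size_t k = start; k < i; k++)
                if (!is_digit(buf[k])) return -1;
        }
        fields++;
        start = i + 1;
    }
    /* The declared count must match the data, never drive a loop by itself. */
    return fields == 2 * declared ? (int)declared : -1;
}

/* Constructed sample messages (not captured traffic). */
static const unsigned char ok_msg[]    = "2\xFE" "111\xFE" "al\xFE" "222\xFE" "bob\xFE";
static const unsigned char big_msg[]   = "65535\xFE" "111\xFE" "al\xFE";
static const unsigned char short_msg[] = "10\xFE" "111\xFE" "al\xFE";

int main(void)
{
    printf("%d %d %d\n",
           validate_contacts_msg(ok_msg, sizeof ok_msg - 1),
           validate_contacts_msg(big_msg, sizeof big_msg - 1),
           validate_contacts_msg(short_msg, sizeof short_msg - 1));
    return 0;
}
```

The count is checked against the cap while it is still being parsed, so an oversized value such as 65535 is rejected before any buffer is sized from it.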