SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Instant Messaging/IRC/Chat)  >   AOL Instant Messenger Vendors:   America Online, Inc.
AOL Instant Messenger Can Be Disconnected By Remote Users Sending Spoofed FIN or SYN Scans
SecurityTracker Alert ID:  1008126
SecurityTracker URL:  http://securitytracker.com/id/1008126
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 10 2003
Impact:   Denial of service via network
Exploit Included:  Yes  
Version(s): 5.2.3292
Description:   Paul Kurczaba reported a denial of service vulnerability in AOL Instant Messenger (AIM). A remote user can conduct a spoofed TCP SYN or FIN scan against the target system to cause the target user's AIM client to disconnect.

It is reported that a remote user can invoke the 'nmap' network scanning tool in FIN or SYN Stealth mode against the port range from 9000 to 10000 with a spoofed source address to trigger the flaw. After the nmap scan is finished, the AIM client will display the "Connection Lost. Check your internet connection" error message, according to the report.

Impact:   A remote user can cause a target user's AIM client to disconnect from the AIM service.
Solution:   No solution was available at the time of this entry.

The author of the report indicates that as a workaround, you can use a personal firewall, such as ZoneAlarm or, for Windows XP users, the Windows XP Firewall.

Vendor URL:  aim.aol.com/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)
Underlying OS Comments:  Tested on Windows XP

Message History:   None.


 Source Message Contents

Subject:  AOL Instant Messanger Spoofed SYN and FIN Packet Vulnerability




Summary
---------------------------------
Spoofed SYN and FIN packets cause AOL Instant Messenger to disconnect
from the AIM service. This vulnerability can be easily exploited with Nmap.

Affected Systems/Configuration
---------------------------------
Nmap is a "network exploration" tool that can be found at
www.insecure.org <http://www.insecure.org>. The AIM client version
tested was 5.2.3292 (latest version), running on Windows XP with the
latest patches. The version of Nmap used was 3.00 (NMapWin v1.3.1
interface), running on Windows 98. Nmap was set up to scan the AIM
client machine.

Vulnerability/Exploit
---------------------------------
The Nmap settings used are as follows, Mode: FIN or SYN Stealth, Port
Range: 9000-10000, Use Decoy: 127.0.0.1. After the Nmap scan was
complete, the AIM client would display a message saying "Connection
Lost. Check your internet connection". To continue using AIM, I had to
reconnect to the AIM service.

Workaround
---------------------------------
Install a personal firewall, such as ZoneAlarm, which is available from
www.zonelabs.com <http://www.zonelabs.com>. Another alternative is to
activate the Windows XP Firewall.

Vendor Status
---------------------------------
I have not notified America Online.

Credit
---------------------------------
Paul Kurczaba
pkurczaba@att.net <mailto:pkurczaba@att.net>
http://www.myipis.com


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC