Home > Buffer Overflow > Buffer Overflow In AOL ICQ: Jan 24

Buffer Overflow In AOL ICQ: Jan 24

Systems Affected AOL Mirabilis ICQ Versions 2001A and prior Voice Video & Games plugin installed with AOL Mirabilis ICQ prior to version 2001B Beta v5.18 Build #3659 Overview There is a This site is completely free -- paid for by advertisers and donations. according to cert, there have been no known exploits of this problem. SPARC Solaris 9 : 112970-02 or later Solaris 8 : 109326-09 or later Solaris 7 : 106938-06 or later Solaris 2.6 : 105755-12 or later Solaris 2.5.1 : 103663-19 or later http://lebos.org/buffer-overflow/buffer-overflow.php

the vulnerability can be exploited during the processing of a voice, video, or game message request, which is designed to invite the user to connect directly to another computer via a In addition, for users who log in to the server with versions of 2001B prior to Beta v5.18 Build #3659, access to the vulnerable plug-in will be disabled. In addition, for users who log in to the server with versions of 2001B prior to Beta v5.18 Build #3659, access to the vulnerable plug-in will be disabled. AOL, which owns ICQ, recommends upgrading to the most recent beta version.Novell issuesRegarding: ManageWiseDate posted: Jan. 25, 2002Patch URL: Click here to download the patch.Information URL: Click here for more information.According to Novell, http://www.cert.org/historical/advisories/CA-2002-02.cfm?

CA-2002-24 August 1, 2002 No Trojan Horse OpenSSH Distribution - - CA-2002-23 July 30, 2002 No Multiple Vulnerabilities in OpenSSL - - CA-2002-22 July 29, 2002 No Multiple Vulnerabilities in Microsoft PCMag Digital Group Privacy Policy Terms of Use About Contact Archives Glossary Advertise Accessibility Statement unused

TechRepublic Search GO CXO Cloud Big Data Security Innovation More Software Data Centers Networking CA-2002-16 June 5, 2002 No Multiple Vulnerabilities in Yahoo!

  1. This message is supposed to be a request from another ICQ user inviting the victim to participate interactively with a third-party application.
  2. It forces the .dll to not wait for all threads from previous lookups to be released.
  3. Worldwide Services Business Services Application Services Transformational Application Managed Services Customer Relationship Management SystemSAP Services Cloud Services for SAP SAP HANA Consulting and Implementation Services Rapid Deployment Solutions Enterprise Operations Management

See Sun Alert Notification (Sun Alert ID: 46022) for the detail. There is currently no patch available for the ICQ plug-in for 2001B or versions of the ICQ client prior to 2001B. We recommend denying direct connections from anyone without authorization. ron's opinion with the huge amount of instant messaging and communications applications used these days, it is not surprising that we have found more security flaws.

A person who wishes to establish a direct connection can query an ICQ server for the IP address and listening port of the victim. An exploit is known to exist, but we do not believe it has been distributed in the wild. Block ICQ/SMS requests at the firewall Blocking connections to login.icq.com and access to ports 4000/UDP, 5190/TCP and the TCP port that your client chooses to listen on may prevent exploitation of Note that the client may establish a new listening port each time it is run.

See Sun Alert Notification (Sun Alert ID: 46122) for the detail. An exploit is known to exist, but we do not believe it has been distributed in the wild. Some versions of the ICQ client open port 4000/UDP for client-server communication. Si vous souhaitez continuer vers le site, nous supposerons que vous acceptez notre utilisation des cookies pour le bon fonctionnement de notre site et pour des publicités ciblées en fonction de

Related LinksSmart Mobility Vision of Smart Mobility What is SPATIOWL? In addition, for users who log in to the server with versions of 2001B prior to Beta v5.18 Build #3659, access to the vulnerable plug-in will be disabled. Black Manta Can Save the DCEU Comics 02.01.2017 :: 6:00PM EST Nissin Foods Is Offering Special Final Fantasy XV Cup Noodles Culture 02.01.2017 :: 5:15PM EST Raspberry Pi Plus Lego Equals federally-funded computer security organization Computer Emergency Response Team Coordination Center (CERT/CC) said in an advisory Thursday.AOL has fixed the flaw on its servers, but also recommends that users upgrade their ICQ

I. have a peek at these guys Version 2001B Beta v5.18 Build #3659's installer will delete the vulnerable plug-in. Solution All users should upgrade to version 2001B Beta v5.18 Build #3659. now its sadly neglected due to adware problems and msn is starting to look good.

CA-2002-33 November 21, 2002 No Heap Overflow Vulnerability in Microsoft Data Access Components (MDAC) - - CA-2002-32 November 21, 2002 No Backdoor in Alcatel OmniSwitch AOS - - CA-2002-31 November 14, Games 02.01.2017 :: 1:00PM EST :: Tony Polanco Games Details of 2.5 Million Xbox and PlayStation Gamers Leaked by Hackers Games More subscribe to our newsletter: Subscribing to a newsletter indicates By accepting direct connections from known peers, you may still be vulnerable to attacks that originate from known peers if the peer has been compromised. http://lebos.org/buffer-overflow/buffer-overflow-with-ie6.php AOL Mirabilis ICQ Versions 2001A and prior Voice Video & Games plugin installed with AOL Mirabilis ICQ prior to version 2001B Beta v5.18 Build #3659 All users should upgrade to version

See Sun Alert Notification (Sun Alert ID: 46366) for the detail. In versions prior to 2001B, the buffer overflow occurs in code within the ICQ client. Carnegie Mellon University does not make any warranty of any kind with respect to freedom from patent, trademark, or copyright infringement. _________________________________________________________________ Conditions for use, disclaimers, and sponsorship information Copyright 2002

aol/icq has been doing everything they can to obsolete the older versions of icq to force everyone to download the new, "enhanced" icq versions - i.e., the ones with ads.

When vendors report new information to the CERT/CC, we update this section and note the changes in our revision history. Messenger - - CA-2002-15 June 4, 2002 No Denial-of-Service Vulnerability in ISC BIND 9 - - CA-2002-14 May 29, 2002 No Buffer overflow in Macromedia JRun - - CA-2002-13 May 10, Learn more Engage with Us Training CERT Training Courses Curricula Cyber Workforce Development About Us Overview Leadership News Careers Information for Researchers Developers System Administrators Managers Educators Law Enforcement Home Historical Systems Affected * AOL Mirabilis ICQ Versions 2001A and prior * Voice Video & Games plugin installed with AOL Mirabilis ICQ Versions 2001B Beta v5.18 Build #3659 and prior Overview There

Users with versions prior to 2001B must upgrade to mitigate this vulnerability. Getting security information CERT publications and other security information are available from our web site http://www.cert.org/ To subscribe to the CERT mailing list for advisories and bulletins, send email to [email protected] Also, since UDP packets can be broadcast on a network, a malicious TLV packet with a spoofed source IP address may be accepted as a legitimate server message. this content See Sun Alert Notification (Sun Alert ID: 45961) for the detail.

Note that the client may establish a new listening port each time it is run. If a particular vendor is not listed below, we have not received their comments. We recommend denying direct connections from anyone without authorization. No, create an account now.

If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members. I. See Sun Alert Notification (Sun Alert ID: 43541) for the detail. the wishlist is still there for a simple secure easy to use free program which doesnt overcharge the user with bombarded crap so often attached to these programs. - by software

Please include in the body of your message subscribe cert-advisory * "CERT" and "CERT Coordination Center" are registered in the U.S. Advertisement Recent Posts A to Z of Items #5 poochee replied Feb 1, 2017 at 11:41 PM A-Z Occupations #4 poochee replied Feb 1, 2017 at 11:40 PM ABC of double See Sun Alert Notification (Sun Alert ID: 44309) and Sun Alert Notification (Sun Alert ID: 56300) for the detail. CA-2002-06 March 4, 2002 No Vulnerabilities in Various Implementations of the RADIUS Protocol - - CA-2002-05 February 27, 2002 No Multiple Vulnerabilities in PHP fileupload - - CA-2002-04 February 25, 2002

SPARC Solaris 9 : 112970-03 or later Solaris 8 : 109326-10 or later Solaris 7 : 106938-07 or later Solaris 2.6 : 105755-13 or later Solaris 2.5.1 : not planned Intel ICQ is vulnerable to a buffer overflow attack in which the memory allocated to the Voice Video & Games component is overwhelmed, allowing attackers to run any code they choose on Attackers that are able to exploit the vulnerability may be able to execute arbitrary code with the privileges of the victim user. PcAnywhere users may experience problems if this patch is applied.Regarding: Novell ClientsDate posted: Jan. 28, 2002Patch URL: Click here to download the patch.Information URL: Click here for more information.If your users connect via

By accepting direct connections from known peers, you may still be vulnerable to attacks that originate from known peers if the peer has been compromised. aol was quick to admit and patch the flaw once it was found, and this is good. In version 2001B the code containing the buffer overflow was moved to an external plug-in. CA-2002-02 January 24, 2002 No Buffer Overflow in AOL ICQ - - CA-2002-01 January 14, 2002 Yes Exploitation of Vulnerability in CDE Subprocess Control Service Patch created *1 - CERT Advisory

Upon connection to an AOL ICQ server, vulnerable builds of the 2001B client will be instructed by the server to disable the vulnerable plug-in. glad i gots no profile. :p - by a0l l0053r what else is new? (8:42am est fri feb 01 2002)it is obvious that this is only one of the flaws related Please start a New Thread if you're having a similar issue.View our Welcome Guide to learn how to use this site. By taking advantage of a buffer overflow, an attacker could execute code with the user's privileges.