[icq-devel] ICQ overflow - was: client-client version 6/7 ack?



Markus Kern markus-kern at gmx.net
Sun Feb 3 11:31:44 CET 2002


> Btw, has anyone had any -technical- information about the ICQ client
> overflow?
> has the guy who released the advisory told ANYONE about technical details?

I've played a bit with that one.
Turns out that AOL blocked it on the server side. When you send a
game request with a long (< 16k IIRC) 2711 TLV the server
immediately disconnects you.

As for the client to client way, I was able to crash ICQ 2000b using
a game request with approximately 63k.
Debugging ICQ is a pain in the ass and I can't tell whether this is
exploitable. Though it looks more like a heap overflow than a stack
overflow to me.

regards,
Markus
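
A length-limited TLV check of the kind the server-side block described in the reply above would need, as an added example that is not part of the original post or of any ICQ code. It assumes the OSCAR TLV layout of a 2-byte big-endian type, a 2-byte big-endian length, then the value; `tlv_validate`, `check_sample`, the 8192-byte limit and the sample packet are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TLV_EXT_DATA 0x2711u  /* TLV type named in the post */
enum tlv_status { TLV_OK = 0, TLV_TRUNCATED = -1, TLV_TOO_LONG = -2 };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Walk a TLV chain in place. Each declared length is checked against the
 * bytes really left in the packet, and a TLV of limited_type longer than
 * max_len (hypothetical policy limit) is refused before anything is copied. */
int tlv_validate(const uint8_t *buf, size_t len, uint16_t limited_type,
                 size_t max_len, size_t *count)
{
    size_t off = 0, n = 0;
    while (off < len) {
        if (len - off < 4) return TLV_TRUNCATED;    /* header cut short */
        uint16_t type = be16(buf + off);
        size_t vlen = be16(buf + off + 2);
        off += 4;
        if (vlen > len - off) return TLV_TRUNCATED; /* length overruns packet */
        if (type == limited_type && vlen > max_len) return TLV_TOO_LONG;
        off += vlen;
        n++;
    }
    if (count) *count = n;
    return TLV_OK;
}

/* Constructed sample: one 4-byte TLV (type 0x0005) followed by a 0x2711 TLV
 * with vlen bytes of filler; `cut` bytes are dropped from the end. */
int check_sample(uint16_t vlen, size_t max_len, size_t cut)
{
    static uint8_t pkt[8 + 4 + 65535];
    const uint8_t first[8] = { 0x00, 0x05, 0x00, 0x04, 1, 2, 3, 4 };
    memcpy(pkt, first, 8);
    pkt[8] = TLV_EXT_DATA >> 8;  pkt[9] = TLV_EXT_DATA & 0xff;
    pkt[10] = vlen >> 8;         pkt[11] = vlen & 0xff;
    memset(pkt + 12, 'A', vlen);
    return tlv_validate(pkt, 12 + (size_t)vlen - cut, TLV_EXT_DATA, max_len, NULL);
}

int main(void)
{
    printf("%d %d %d\n", check_sample(100, 8192, 0),
           check_sample(63000, 8192, 0), check_sample(100, 8192, 10));
    return 0;
}
```

Because the length field is 16 bits, the declared value can never exceed 65535 bytes, so the two checks that matter are the comparison against the bytes actually received and the per-type policy limit.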



