NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Secunia Advisories> 2003-q2

[sec-adv] ICQ Multiple Vulnerabilities

From: Secunia Security Advisories (sec-advsecunia.com)
Date: Tue May 06 2003 - 01:59:49 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
ICQ Multiple Vulnerabilities

READ ONLINE:
http://www.secunia.com/advisories/8727/

CRITICAL:
Highly critical

IMPACT:
Man-In-The-Middle, DoS, System access

WHERE:
From remote

SOFTWARE:
ICQ 2002
ICQ 2001
ICQ 2000
ICQ 99
ICQ 1.x
ICQ 2003a

DESCRIPTION:
Multiple vulnerabilities have been identified in Mirabilis ICQ, where
the worst can be exploited to gain system access.

There exists a format string vulnerability in the POP3 Client's UIDL
field. This could be exploited by malicious POP3 servers to gain
system access, by returning a maliciously crafted UIDL.

The POP3 Client also doesn't verify the "Subject" and "Date" headers
correctly. This could be exploited by sending an email with a
malicious, long "Date" and "Subject" header, which overflows a signed
16 bit integer. This could possibly be exploited to execute arbitrary
code.

ICQ does not verify the authenticity when installing new features.
This could be exploited by malicious people, who are able to perform
Man-In-The-Middle or DNS spoofing attacks to install arbitrary
software.

ICQ does not handle invalid HTML properly in the message
advertisements window. This could be exploited by malicious people,
who are able to perform Man-In-The-Middle or DNS spoofing attacks to
inject malicious HTML that causes ICQ to consume 100% CPU.

ICQ does not validate GIF files correctly. This could be exploited to
cause a Denial of Service condition.

SOLUTION:
Do not use ICQ to read emails.

If you are annoyed by the Denial of Service vulnerabilities, we
recommend that you use another ICQ client or another Instant
Messaging System.

The vendor was notified in March and April but has not responded.

REPORTED BY / CREDITS:
Lucas Lavarello, Daniel Benmergui, Norberto Kueffner and Fernando
Russ from Core Security Technologies.

ORIGINAL ADVISORY:
http://www.coresecurity.com/common/showdoc.php?idx=315&idxseccion=10

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web : http://www.secunia.com/
E-mail : supportsecunia.com
Tel : +44 (0) 20 7016 2693
Fax : +44 (0) 20 7637 0419

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]