From: leon (leoninyc.com)
Date: Sun Mar 10 2002 - 00:39:47 CST


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    AIM on Mac OS X does not appear to be vulnerable. It gives a message
    complaining about screenname length. I can confirm that indeed all
    versions of AIM 4.3 - 4.8 are vulnerable (on Windows).

    Regards,

    Leon

    - -----Original Message-----
    From: John Adair [mailto:J.AdairSempermedUSA.com]
    Sent: Thursday, March 07, 2002 1:34 PM
    To: vuln-devsecurityfocus.com
    Subject: RE: AIM including the beta 4.8.2646 Local/Remote Buffer Oveflow

    If anyone wants the dump file please e-mail me off list. I was able
    to overwrite the EDI, but I am sure we can find more given enough
    research.

    I'm at work so I can't look into this issue too much, but here is
    what I found in a couple of minutes. I was able to craft my link to
    overwrite a few registers on the stack. I attached the dump I got
    from my first test. I used a larger buffer than what the advisory
    stated, but not much larger. On a side note, I had to reboot to get
    AIM to start up again, and when I tried starting it up again (before
    the reboot) my machine froze. On another machine it crashed the
    entire system when Dr Watson was generating the dump file.

    -----BEGIN PGP SIGNATURE-----
    Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

    iQA/AwUBPIr/stqAgf0xoaEuEQJdPgCg46n3xI9/M7qoLo0ujVgp1W/1QyIAnRFp
    iNKhiDHrvQxUrK86GL2XPuG8
    =/0B6
    -----END PGP SIGNATURE-----