Re: IM exploitable vulnerabilities .. any pointers?

From: Kusuriya (kusuriyagmail.com)
Date: Thu Jul 13 2006 - 19:07:05 CDT


Look at a lot of the ICQ exploits too, they are a good starting ground
on how NOT to structure an IM service. Also, AIM's direct connect feature,
while you are sending files and such, shows your IP address on both
ends by using netstat (not really an exploit, but I would consider it a
vulnerability). But always remember there is no patch for human
stupidity, so that bug is always exploitable.

On 7/4/06, Alice Bryson <abrysonbytefocus.com> wrote:
> Hi, GAIM has been found to be exploitable remotely, although it is an
> old vulnerability. I hope this information helps you.
>
> Gaim, an instant messenger client, contains a number of bugs which may
> allow an attacker to execute arbitrary code on the remote host.
> To exploit these bugs, an attacker would need to send malformed instant
> messages to a user of this host.
> See CAN-2004-0005, CAN-2004-0006, CAN-2004-0007, CAN-2004-0008
>
>
> mailto:abrysonbytefocus.com
> http://www.lwang.org
>
>
> 2006/6/29, nikun <nikunhgmail.com>:
> > PS: sorry for sending it to multiple lists, I want all the information I can collect.
> >
> > Hi Guyz,
> > I am compiling a research paper for exploitable vulnerabilities with
> > instant messengers (not website, only IM ... client side) like yahoo,
> > hotmail, gmail, LCS, sametime, jabber and stuff like that. Does anybody
> > have some good references, mailing lists, URLs or papers regarding them? Is anybody
> > working actively in this field?
> >
> > This paper is an episode from a series of papers which talk about
> > alternative entry points for hackers and their countermeasures. Ummm.. Something like OOB
> > access :-)
> >
> > Thank you,
> > Nikun
> >
> >
> >
> >
>
>
> --
> Have a Good Day
>
>
>

--
Pharmacy
Aim: ThePharmacyRx, Yahoo: HiryuuDragon
MSN: HiryuuDragonhotmail.com (will not respond to emails sent here),
ICQ: 317688947, Jabber: Kusuriyajabber.org,
Email: Kusuriyagmail.com
-
When it absolutely positively must be destroyed overnight - US Army...
and ask about our new Total Destruction in under 30 minutes.. it is
gone in 30 minutes or less or your next one is free

vay' DaneHbogh yIchargh - Conquer what you desire.
"Microsoft isn't evil, they just make really crappy operating systems."
   -Linus Torvalds
      "If you can't make it good, at least make it look good."
 - Bill Gates
---------------------- OmniCode 0.1.6 -----------------------
sxy cm180 kg96.8 skeaaf73 ha632910 ey31190f es= sp* Ag1984.May.18 anE
hdd Lo43,59N-76,1W ZoT RlD Kd! MBINTP FH! UF? IN10 AdC&S
PrC++(5)^(9).Actively_Learning&Q_Basic(9)&HTML(7)
----------- Omnicode http://www.gadgeteer.net/omnicode/ -----------