RE: Trillian Remote DoS Attack - AIM
I was unable to reproduce a Trillian crash in this manner.
Using Trillian 0.74b on Windows XP sp1, test client Windows 2000 sp2
using AOL IM 5.0.2938.
Sent strings "P > O < C", "ee > 3e < 3dsaf", "3 > 3 < 3", "computer >
security < now" using a variety of fonts in AOL IM. Did not see a
significant jump in CPU or memory utilization.
-Joshua Wright
Team Leader, Networks and Systems
Johnson & Wales University
Joshua.Wright@xxxxxxx
pgpkey: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xD44B4A73
fingerprint: FDA5 12FC F391 3740 E0AE BDB6 8FE2 FC0A D44B 4A73
> Impact
> Trillian crashes and you have to restart. Bonus is if you
> keep crashing the person, AIM services will ban them for
> login flooding (Timed Ban).
> #########################
> # Offending Data String #
> #########################
> Send an AOL IM to someone with this string anywhere in the message
> (the spaces must be there)
>
> P > O < C
>
> And it will cause the application to crash. Other data
> strings do work IE
> ee > 3e < 3dsaf
> 3 > 3 < 3
> computer > security < now
>