ICQ Internal IP Address Disclosure

1998-11-11T00:00:00
ID OSVDB:7964
Type osvdb
Reporter Mnemonix(mnemonix@globalnet.co.uk)
Modified 1998-11-11T00:00:00

Description

Vulnerability Description

ICQ contains a flaw that may lead to an unauthorized information disclosure. The problem is that the program leaks the internal IP address of a client in the TCP data segment of an ICQ packet, which will disclose network information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ICQ contains a flaw that may lead to an unauthorized information disclosure. The problem is that the program leaks the internal IP address of a client in the TCP data segment of an ICQ packet, which will disclose network information resulting in a loss of confidentiality.

References:

Vendor URL: http://www.icq.com/products/whatisicq.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1998_4/0422.html ISS X-Force ID: 1398 CVE-1999-1289