icq99a.DoS.txt

1999-08-17T00:00:00
ID PACKETSTORM:12120
Type packetstorm
Reporter Packet Storm
Modified 1999-08-17T00:00:00

Description

                                        
Date: Mon, 29 Mar 1999 01:07:18 -0500  
From: Ronald A. Jarrell <jarrell@VTSERF.CC.VT.EDU>  
To: BUGTRAQ@netspace.org  
Subject: icq DOS / possible "stupid user" vulnerability.  
  
Ok, I was a bit surprised when, in playing with the new ICQ99a build 1700 v2.13  
client (which I believe is the first publicly distributed one of the  
99 family), I turned on the "Activate my home page" feature, and turned  
my laptop into a web server...  
  
Complete with a file server that allows by default anything in the  
"program files\icq\homepage\root\YOUR#\files" folder to be requested.  
Even set up a guest book, chat service, etc...  
  
After getting over being astonished (yea, they said "turning this on  
might increase people's access to your machine, and tell them your  
ip address" - of course it will. You're setting up a bloody web server  
you idiots. A bad one at that.) I naturally started doing some poking.  
  
Telnet to your port 80, and enter some non http gibberish. I tried  
"quit<cr>" for grins. Blam. Down goes the ICQ client with a GPF.  
Got someone else to turn theirs on, and sure enough, managed to shoot  
him down too.  
  
I warned Mirabilis about it. Folks at institutions that worry about  
such things, but let their employees run ICQ might want to be aware  
that said employees might well be running web servers now and not  
even know it. On your ICQ contact list, if they're on it, said  
users show up with a little house next to their name.  
  
--  
Ron Jarrell  
VA Tech Computing Center  
  
--------------------------------------------------------------------------------  
  
Date: Mon, 29 Mar 1999 13:25:09 PST  
From: Eddie Eddie <desynk@HOTMAIL.COM>  
To: BUGTRAQ@netspace.org  
Subject: Re: icq DOS / possible "stupid user" vulnerability.  
  
I also noticed that this works not just for "quit", but for any  
misunderstood command.  
  
Eddie  
  
--------------------------------------------------------------------------------  
  
Date: Tue, 30 Mar 1999 06:16:58 +0000  
From: Kerb <kerb@CANA.NET>  
To: BUGTRAQ@netspace.org  
Subject: ICQ Webserver bug  
  
I am writing this in reply to the message posted by Ronald A. Jarrell entitled  
`icq DOS / possible "stupid user" vulnerability`. What platforms did you  
test that exploit on? I tested it on an x86 NT machine (Intel 233 w/ 32 MB of RAM)  
locally and remotely, dropped it both times. It did not seem to work on Windows 95,  
and maybe 98 (haven't gotten a chance to test yet). I have a bit of exploit  
code written in perl...and it works fine against NT machines, but it would  
not harm my 95 machine. Just lookin for some info...  
  
-Kerb  
  
--------------------------------------------------------------------------------  
  
Date: Mon, 29 Mar 1999 19:47:19 +0200  
From: fvw <fvw@CHELLO.NL>  
To: BUGTRAQ@netspace.org  
Subject: Re: icq DOS / possible "stupid user" vulnerability.  
  
Even doing a http "GET ......." (with a lot more periods) will crash the  
icq 'webserver'.  
  
Mind you, ICQ has always had a high "DOSability factor".  
  
--------------------------------------------------------------------------------  
  
Date: Tue, 6 Apr 1999 13:42:53 -0400  
From: Ronald A. Jarrell <jarrell@VTSERF.CC.VT.EDU>  
To: BUGTRAQ@netspace.org  
Subject: Re: ICQ Webserver bug  
  
>From: Kerb <kerb@CANA.NET>  
  
>I am writing this in reply to the message posted by Ronald A. Jarrell  
>entitled `icq DOS / possible "stupid user" vulnerability`. What  
>platforms did you test that exploit on? I tested it on an x86 NT  
>machine (Intel 233 w/ 32 MB of RAM) locally and remotely, dropped it  
>both times. It did not seem to work on Windows 95, and maybe 98  
>(haven't gotten a chance to test yet). I have a bit of exploit code  
  
  
Well, my box was win 98, and the remote box I tested it against was  
win 95. Didn't have anyone running NT handy to test against. However,  
another person I corresponded with who was testing this did get it to  
drop a 95 box, but not every time. Did it every time for me; but there's  
apparently other factors that contribute as well.  
  
--  
Ron Jarrell  
VA Tech Computing Center  
  
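--------------------------------------------------------------------------------

For the inputs reported in this thread (a non-HTTP line such as "quit" and a GET followed by a long run of periods), the following is an added example, not code from the original posts or from Mirabilis: a C request-line check that answers malformed input with an error status instead of trusting it. The thread does not say what faulted inside ICQ; the function name, the size caps and the accepted methods are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define MAX_LINE   2048  /* assumed cap on the whole request line */
#define MAX_TARGET 1024  /* assumed cap on the request target */

/* Hypothetical helper: validate one HTTP/1.x request line in buf[0..len).
 * Returns 200 if it is safe to route, otherwise the error status to send
 * before closing. Never reads past len or assumes NUL termination. */
int check_request_line(const char *buf, size_t len)
{
    static const char *const methods[] = { "GET", "HEAD", "POST" };
    const char *sp1, *sp2;
    size_t i, mlen, tlen, vlen, known = 0;

    if (buf == NULL || len == 0) return 400;
    if (len > MAX_LINE) return 414;

    /* Drop one line ending: CRLF, bare LF, or the bare CR telnet may send. */
    if (len > 0 && buf[len - 1] == '\n') len--;
    if (len > 0 && buf[len - 1] == '\r') len--;

    /* Printable ASCII only; rejects NULs and stray control bytes. */
    for (i = 0; i < len; i++)
        if ((unsigned char)buf[i] < 0x20 || (unsigned char)buf[i] > 0x7e)
            return 400;

    /* Shape must be: METHOD SP TARGET SP VERSION */
    sp1 = memchr(buf, ' ', len);
    if (sp1 == NULL) return 400;                /* e.g. "quit\r" */
    mlen = (size_t)(sp1 - buf);
    sp2 = memchr(sp1 + 1, ' ', len - mlen - 1);
    if (sp2 == NULL) return 400;
    tlen = (size_t)(sp2 - sp1 - 1);
    vlen = len - mlen - tlen - 2;

    for (i = 0; i < sizeof methods / sizeof methods[0]; i++)
        if (mlen == strlen(methods[i]) && memcmp(buf, methods[i], mlen) == 0)
            known = 1;
    if (!known) return 501;

    if (tlen == 0 || sp1[1] != '/') return 400; /* e.g. "GET ....... ..." */
    if (tlen > MAX_TARGET) return 414;
    if (vlen != 8 || (memcmp(sp2 + 1, "HTTP/1.0", 8) != 0 &&
                      memcmp(sp2 + 1, "HTTP/1.1", 8) != 0))
        return 400;
    return 200;
}
```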