ID SECURITYVULNS:DOC:9854
Type securityvulns
Reporter Securityvulns
Modified 2005-10-04T00:00:00
Description
Hi!

I am using LICQ and when I want to establish a direct connection to Trillian using the ICQ protocol and
a reverse connection is requested, Trillian crashes reproducibly:

08:12:36: [TCP] Sending message to xxx (#1).
08:12:36: [PKT] Packet (SRVv0, 38 bytes) sent:
 (192.168.0.10:46810 -> 64.12.24.112:5190)
 0000: 2A 02 06 A6 00 20 00 04 00 14 00 00 00 00 00 1F *..¦. ..........
 0010: 00 00 00 00 00 00 00 00 00 01 09 31 32 30 36 38 ...........12068
 0020: 31 35 34 35 00 00 1545..
08:12:36: [TCP] Requesting reverse connection from xxx.
08:12:36: [PKT] Packet (SRVv0, 107 bytes) sent:
 (192.168.0.10:46810 -> 64.12.24.112:5190)
 0000: 2A 02 06 A7 00 65 00 04 00 06 00 00 00 00 00 20 *..§.e.........
 0010: 00 00 00 00 00 00 00 20 00 02 09 31 32 30 36 38 ....... ...12068
 0020: 31 35 34 35 00 05 00 43 00 00 00 00 00 00 00 00 1545...C........
 0030: 00 20 09 46 13 44 4C 7F 11 D1 82 22 44 45 53 54 . .F.DL..С."DEST
 0040: 00 00 00 0A 00 02 00 01 00 0F 00 00 27 11 00 1B ............'...
 0050: 8B 7F 2A 00 3E B2 2D CF A0 0F 00 00 04 0A 04 00 ..*.>І-П .......
 0060: 00 A0 0F 00 00 08 00 20 00 00 00 . ..... ...
08:12:48: [PKT] Packet (SRVv0, 40 bytes) received:
 (192.168.0.10:46810 <- 64.12.24.112:5190)
 0000: 2A 02 53 BF 00 22 00 03 00 0C 00 00 8C F4 C9 18 *.Sї.".......фЙ.
 0010: 09 31 32 30 36 38 31 35 34 35 00 00 00 02 00 01 .120681545......
 0020: 00 02 00 00 00 1D 00 00 ........
08:12:48: [SRV] xxx went offline.

Seems that Trillian is having a problem with these reverse direct connections. I tested it recently
with the latest Trillian 3.0.

The crash was first reported to Cerulean Studios in their Bug Forum in January:
http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c&threadid=64889

Thanks
Philipp Kolmann

PS: Please Cc me, since I am not subscribed to the list.
Title Trillian remote crashable
Href https://vulners.com/securityvulns/SECURITYVULNS:DOC:9854
Published 2005-10-04T00:00:00
CVSS score 0.0 (vector NONE)