Dear LICQ developers,

I found something while looking at CVE-2002-0251 for any involvement of a string format vulnerability (the CVE text hints at it, even though your patch for the issue fixed a buffer overflow instead).

In the file icqpacket.cpp, line 1253, there's a call to snprintf where a variable string, szState, occupies the position of the format string. Data for this string seems to be coming from the network (cf. code in icqd-udp.cpp, CICQDaemon::ProcessMetaCommand for the case META_GENERALxINFO). It is still present in the most recent version of licq using anonymous cvs access.

As I am writing a paper on the use of source code auditors to find vulnerabilities, I would appreciate being able to reference this vulnerability. The submission deadline for the paper is only a couple of days; however, the paper would be only distributed to a few responsible reviewers, and wouldn't be published until October, if accepted. Would you mind?

Thanks,

Pascal Meunier, Ph.D., M.Sc., CISSP
Assistant Research Scientist
Purdue University CERIAS
Recitation Building
656 Oval Drive
West Lafayette, IN 47907-2039
+1 (765) 494-7841 (main)
http://www.cerias.purdue.edu/

_______________________________________________
Licq-devel mailing list
https://lists.sourceforge.net/lists/listinfo/licq-devel
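The pattern the report describes, a network-supplied string in snprintf's format slot, with the hardened form beside it and a small check a maintainer could use to flag suspicious protocol fields. This is an added illustration, not LICQ's code; `format_state_safe`, `has_format_directive` and the sample inputs are assumptions constructed for it.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable shape (as reported for icqpacket.cpp): the attacker-controlled
 * szState is itself the format string, so any %-directives in it are
 * interpreted by snprintf:
 *
 *     snprintf(buf, sizeof buf, szState);
 *
 * Hardened shape: the format is a string literal and szState is only ever
 * passed as a %s argument, so its contents are copied, never interpreted.
 * Returns snprintf's result (chars that would be written, excluding NUL). */
int format_state_safe(char *out, size_t outlen, const char *szState)
{
    return snprintf(out, outlen, "State: %s", szState);
}

/* Detection aid for a daemon that logs or audits incoming fields: returns 1
 * if the untrusted string carries a conversion directive ("%%" is a literal
 * percent sign and does not count), 0 otherwise. */
int has_format_directive(const char *s)
{
    const char *p = s;
    while ((p = strchr(p, '%')) != NULL) {
        if (p[1] != '%')
            return 1;       /* lone '%' or "%x", "%s", ... */
        p += 2;             /* skip the escaped "%%" pair */
    }
    return 0;
}
```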