Kevin
- thanks for your integrity and the
info.
Steve
Clark
Clark
Systems Support, LLC
AVIEN
Charter Member
"Who's
watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
-----Original
Message-----
From: Kevin
Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:35
AM
To: NT System Admin
Issues
Subject: RE:
Looking for a discussion on IM
You
know, I violated a cardinal rule of mine - don't post something if you
can't back it up. I did have a reference and now can't find
it. I did find a similar exploit in the Yahoo messenger. I'm
still pretty confident I did read about either a real attack via the icon,
or at least a proof of concept, and I will keep looking for it.
Anyway, the below is an exploit against an IM, so it shows it is
vulnerable.
From
http://www.ca.com/virusinfo/encyclopedia/
Yahoo
Pager/Messanger Buffer Overflow
There is a buffer overflow problem
with Yahoo Messenger that leaves the user vulnerable to remote attack. The
problem arises due to a lack of appropriate bounds checking on the length
of a URL that is received from another user inside a message.
Unfortunately, due to this oversight, it is possible for unprivileged and
possibly hostile remote users to execute arbitrary commands by overwriting
the EIP (return address) and filling the URL with malevolent code. The
hostile code could then be actioned when the unsuspecting target host
clicks on the URL.
-----Original
Message-----
From: Gordon
W. Smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:07
AM
To: NT System Admin
Issues
Subject: RE:
Looking for a discussion on IM
OUCH! A
virus in a smiley? Tell me more! I couldn't find anything
about it.
-----Original
Message-----
From: Kevin
Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 7:50
AM
To: NT System Admin
Issues
Subject: RE:
Looking for a discussion on IM
Two things come
to immediate mind:
1) Many IM
clients allow for file transfer. Depending on your overall security
policy this in itself can be an issue. Even if you allow people to
transfer files, the IM client then becomes a point of security
control. For example, with AIM, it is supposed to ask the user if it
is ok if their chat partner sends them a file. How long do you think
it will be before hackers manage to bypass that "confirmation"?
Further, then they bad-guys could then just send a backdoor program to the
hard disk. Or just pick up sensitive data from the
computer.
2) There has
already been at least one IM based virus - done by embedding malicious
code in an icon smiley face. This becomes another area where the
anti-virus vendors have to keep up.
I'm sure there
are other reasons as well, those are just the 2 that come to my mind
before finishing my first cup of coffee.
-----Original
Message-----
From: Clark,
Steve [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001
11:17 PM
To: NT System
Admin Issues
Subject:
Looking for a discussion on IM
Hello,
I
have been asked to research and potentially implement IM for a company to
communicate internally as well as externally. However, I have always heard
that IM was evil and to close it down ASAP. I would like to hear real
world implementation concerns/ tips as well as the security issues
associated.
Thanks
in advance for your input.
Steve
Clark
Clark
Systems Support, LLC
AVIEN
Charter Member
"Who's
watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm
http://www.sunbelt-software.com/ntsysadmin_list_charter.htm