Kevin - thanks for your integrity and the info.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:35 AM
To: NT System Admin Issues
Subject: RE: Looking for a discussion on IM

You know, I violated a cardinal rule of mine - don't post something if you can't back it up. I did have a reference and now can't find it. I did find a similar exploit in the Yahoo messenger. I'm still pretty confident I did read about either a real attack via the icon, or at least a proof of concept, and I will keep looking for it. Anyway, the below is an exploit against an IM, so it shows it is vulnerable.

From http://www.ca.com/virusinfo/encyclopedia/

Yahoo Pager/Messenger Buffer Overflow

There is a buffer overflow problem with Yahoo Messenger that leaves the user vulnerable to remote attack. The problem arises due to a lack of appropriate bounds checking on the length of a URL that is received from another user inside a message. Unfortunately, due to this oversight, it is possible for unprivileged and possibly hostile remote users to execute arbitrary commands by overwriting the EIP (return address) and filling the URL with malevolent code. The hostile code could then be actioned when the unsuspecting target host clicks on the URL.

-----Original Message-----
From: Gordon W. Smith [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 9:07 AM
To: NT System Admin Issues
Subject: RE: Looking for a discussion on IM

OUCH! A virus in a smiley? Tell me more! I couldn't find anything about it.

-----Original Message-----
From: Kevin Lundy [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 24, 2001 7:50 AM
To: NT System Admin Issues
Subject: RE: Looking for a discussion on IM

Two things come to immediate mind:

1) Many IM clients allow for file transfer. Depending on your overall security policy this in itself can be an issue. Even if you allow people to transfer files, the IM client then becomes a point of security control. For example, with AIM, it is supposed to ask the user if it is ok if their chat partner sends them a file. How long do you think it will be before hackers manage to bypass that "confirmation"? Further, the bad guys could then just send a backdoor program to the hard disk. Or just pick up sensitive data from the computer.

2) There has already been at least one IM based virus - done by embedding malicious code in an icon smiley face. This becomes another area where the anti-virus vendors have to keep up.

I'm sure there are other reasons as well, those are just the 2 that come to my mind before finishing my first cup of coffee.

-----Original Message-----
From: Clark, Steve [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 23, 2001 11:17 PM
To: NT System Admin Issues
Subject: Looking for a discussion on IM

Hello,

I have been asked to research and potentially implement IM for a company to communicate internally as well as externally. However, I have always heard that IM was evil and to close it down ASAP. I would like to hear real world implementation concerns/tips as well as the security issues associated.

Thanks in advance for your input.

Steve Clark
Clark Systems Support, LLC
AVIEN Charter Member
"Who's watching your network?"
www.clarksupport.com
301-610-9584 voice
240-465-0323 Efax

http://www.sunbelt-software.com/ntsysadmin_list_charter.htm