Title: mICQ Remote Buffer Overflow Vulnerability
Severity: HIGH
Description:
micq is a chat program for Linux systems.
micq-0.4.6 running on Linux/ix86 (Slackware 7.1 - RedHat 6.1) is vulnerable to a remote buffer overflow attack. Other versions on other platforms may also be vulnerable.
micq, a Linux-based, ICQ-compatible interactive messaging tool, makes use of an insecurely-structured call to sprintf() from its Do_Msg() function.
An attacker, who must have access to the network between the client and server, can intercept, analyze and add data to message traffic between client and server. By this method, the description field of a URL message sent from the ICQ server can be modified so that, when received and processed by the vulnerable micq client, it creates an overflow condition in the 'message char' buffer.
If the data surreptitiously added to the URL message from the server is structured correctly, the overflow can be exploited to execute arbitrary code on the affected host with the privilege level of micq.
A local exploit is also possible. A technique similar to the remote exploit above may permit a local DoS. If micq is run suid, this could also potentially yield root privilege to the local attacker.
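The overflow class described above, shown as an added example with a bounded replacement; this is not micq's source code. The function name, the buffer size, the output format and the 0xFE delimiter between description and URL are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define MSG_BUF_LEN 1024    /* hypothetical size of the fixed message buffer */
#define FIELD_SEP   '\xFE'  /* assumed delimiter between description and URL */

/* Unsafe pattern of the kind the advisory describes (comment only):
 *     char message[MSG_BUF_LEN];
 *     sprintf(message, "Description: %s\nURL: %s", desc, url);
 * sprintf() copies however many bytes the network peer supplied. */

/* Hypothetical hardened handler: splits an untrusted payload of datalen bytes
 * into description and URL, then formats them into out (outlen bytes).
 * Returns 0 on success, -1 if the payload is malformed or does not fit. */
int format_url_msg(const char *data, size_t datalen, char *out, size_t outlen)
{
    const char *sep;
    size_t desc_len, url_len;
    int n;
    if (data == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (datalen >= outlen || datalen > INT_MAX)  /* can never fit: reject early */
        return -1;
    sep = memchr(data, FIELD_SEP, datalen);      /* bounded search, not strchr() */
    if (sep == NULL)
        return -1;
    desc_len = (size_t)(sep - data);
    url_len = datalen - desc_len - 1;
    /* snprintf() writes at most outlen bytes; a return value >= outlen means
     * the text was truncated, which is rejected here rather than accepted. */
    n = snprintf(out, outlen, "Description: %.*s\nURL: %.*s",
                 (int)desc_len, data, (int)url_len, sep + 1);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    const char sample[] = "release notes\xFE" "http://example.test/"; /* constructed */
    char message[MSG_BUF_LEN];
    if (format_url_msg(sample, sizeof sample - 1, message, sizeof message) == 0)
        puts(message);
    return 0;
}
```

Rejecting an oversized field, rather than silently truncating it, keeps a tampered message from being displayed in altered form.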
Affected Products:
- Matthew Smith mICQ 0.4.6
- RedHat Linux 7.2.0 i386
- RedHat Linux 7.2.0 ia64
- RedHat Linux 7.3.0
References:
- Matthew Smith: Micq homepage