AIM Users Vulnerable To Crashing Bug
Posted by BigBlueBall News (member), October 3, 2001 at 5:00 am, post #16066
NewsBytes, October 3, 2001
A bug in America Online's AOL Instant Messenger program for Windows allows a malicious user to crash other AIM users, security experts advised today.
The attack, which may have been in use underground for some time, involves sending an AOL Instant Messenger (AIM) user a specially crafted instant message. Upon receipt of the notification of the message, the victim's AIM program will crash and require re-starting.
The denial of service bug affects the current edition of AIM for Windows, version 4.7.2480, as well as earlier releases. According to AOL, more than 100 million people have registered to use the company's instant messaging service.
AOL officials were not immediately available for comment on the bug report.
Source code to a program called "AIMrape," which exploits the flaw, was posted on the Internet Tuesday. According to the program's author, Tony Lambiris, he did not discover the bug but created AIMrape as a "public proof of concept" after reading about the issue on Vuln-Dev, a security mailing list.
Under the default configuration of AIM, the malicious user does not need to be on the victimŒs buddy list for the attack to be successful, he said.
The attack exploits a buffer overflow bug in the AIM for Windows client. By sending another AIM user a message containing 798 instances of a special string of characters, a malicious user can force the victim's AIM program to crash. The report describes the result only as a crash (denial of service); it makes no claim that the overflow can be used to run code on the victim's machine.
Because the official AIM client software limits the number of characters that can be sent in an instant message, an AIM user can't simply cut and paste the buffer overflow code into the program's message area to crash another user's program, according to Lambiris, a member of a hacking group known as Angrypacket. That limit is enforced only by the sender's client, not by the service, so it is no protection against a sender who speaks the protocol with other software.
As a result, AIMrape requires that the user have installed Libfaim, an open-source implementation of the AIM protocol that does not impose the official client's message-length limit. AOL's AIM servers automatically sign off users who connect with Libfaim and other unauthorized clients after a few minutes, but it is possible to sign back on again after waiting a moment, according to Lambiris.
Because of the special skills needed to make AIMrape work, Lambiris said it is unlikely the program can be operated by average computer users.
Until a fix for the buffer overflow flaw is available from AOL, concerned AIM users can protect against the denial of service attack by using AIM Express, the Web-based version of the service. Users can also use the "Privacy" tab in the program's Preferences section to block all or selected users from sending IMs.
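The failure mode the article describes, as an added example that is neither AOL's client code nor the AIMrape source: a receiver that copies an incoming IM into a fixed-size buffer on the assumption that the sender's client already capped the length, beside a receiver that enforces the limit itself before copying. The wire format, the 1024-byte buffer, the repeated unit "AB" and the function names are assumptions for illustration; the special string the real attack repeats is not given in the article, so the constructed hostile message below only reproduces its shape (a short unit repeated 798 times).

```c
/* Added example, not AOL's or AIMrape's code. Models a client that trusts
 * the sender's message-length limit versus one that enforces its own.
 * Buffer size, message format and names are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ASSUMED_MAX_IM_LEN 1024   /* hypothetical fixed buffer in the client */

/* Vulnerable handler: copies the body into a fixed stack buffer with no
 * length check. The official client stops a user typing a body this long,
 * but a peer using an unofficial client (the article's Libfaim case) is
 * not bound by that, so an oversized body overruns buf and crashes the
 * process. Never call this with untrusted input; it is here for contrast. */
void handle_im_unsafe(const char *sender, const char *body)
{
    char buf[ASSUMED_MAX_IM_LEN];
    strcpy(buf, body);             /* unbounded copy: the overflow */
    printf("%s: %s\n", sender, buf);
}

/* Hardened handler: the receiver checks the length itself, before any copy,
 * and drops an oversized body as hostile input instead of displaying it.
 * Returns 0 when the message is accepted, -1 when it is rejected. */
int handle_im_safe(const char *sender, const char *body, size_t body_len)
{
    char buf[ASSUMED_MAX_IM_LEN];
    if (body_len >= sizeof buf) {  /* keep room for the terminating NUL */
        fprintf(stderr, "dropping oversized IM (%zu bytes) from %s\n",
                body_len, sender);
        return -1;
    }
    memcpy(buf, body, body_len);
    buf[body_len] = '\0';
    printf("%s: %s\n", sender, buf);
    return 0;
}

/* Constructs a hostile body of the article's shape: a short unit repeated
 * many times. The real unit is not public; "AB" is a stand-in. Caller frees. */
char *make_repeated_body(const char *unit, size_t repeats)
{
    size_t ulen = strlen(unit);
    char *body = malloc(ulen * repeats + 1);
    if (body == NULL)
        return NULL;
    for (size_t i = 0; i < repeats; i++)
        memcpy(body + i * ulen, unit, ulen);
    body[ulen * repeats] = '\0';
    return body;
}

int main(void)
{
    char *hostile = make_repeated_body("AB", 798);        /* 1596 bytes */
    if (hostile == NULL)
        return 1;
    handle_im_safe("buddy", "hello", 5);                  /* accepted */
    handle_im_safe("stranger", hostile, strlen(hostile)); /* rejected */
    /* handle_im_unsafe("stranger", hostile) would overrun the stack buffer */
    free(hostile);
    return 0;
}
```

The point of the safe variant is where the check lives: on the receiving side, on the raw length of whatever arrived, rather than in the sending client's text box. The article's own mitigation advice (use the Web client, or block unknown senders under the "Privacy" tab) follows the same logic, since it keeps the hostile message from reaching the vulnerable code path at all.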