[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Re: Yahoo Instant Messenger Long Filename Downloading Buffer Overflow

To: trihuynh@zeeup.com
Subject: [Full-Disclosure] Re: Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
From: "Santos Rayes" <santosreyes2001@hotmail.com>
Date: Thu, 08 Jan 2004 17:42:52 +0000

On Thu, Jan 08, 2004 at 03:38:43AM -0800, Tri Huynh wrote:

VULNERABLE VERSIONS: 5.6.0.1351 and below

For a fast demonstration, you can create a file like this
 "test<insert around 210 spaces here>.jpg" and send it to
 another user and ask her to download it.


can't reproduce this. have 1351 and 1347 and transfers don't
progress between them when name is more than 193 characters.
there was maybe an adjustment of the server but those versions
don't seem vulnerable either.

santos

_________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- [Full-Disclosure] 3 new MS patches next week... but none fix 0x01!
  - From: "Exibar" <exibar@thelair.com>
- Re: [Full-Disclosure] Re: Yahoo Instant Messenger Long Filename Downloading Buffer Overflow
  - From: "Tri Huynh" <trihuynh@zeeup.com>

Prev by Date: [Full-Disclosure] MDKSA-2004:001 - Updated kernel packages fix local root vulnerability
Next by Date: [Full-Disclosure] Cisco Security Advisory: Cisco Personal Assistant User Password Bypass Vulnerability
Previous by thread: [Full-Disclosure] MDKSA-2004:001 - Updated kernel packages fix local root vulnerability
Next by thread: [Full-Disclosure] 3 new MS patches next week... but none fix 0x01!
Index(es):
- Date
- Thread