AOL's Instant Messenger client (AIM) has been reported to exploit a buffer overflow vulnerability as part of its normal authentication process. Instant Messenger allows AOL users to send short messages to one another. A buffer overflow in AIM was recently discovered, and it is allegedly used by AOL to determine whether the client requesting to log on to the AOL system is a genuine AOL Instant Messenger client or some other client (such as Microsoft's MSN Messenger).
Credit:
This information has been provided by: Richard M. Smith.
This buffer overflow was first detected by: Robert Graham.
Apparently AOL is using this buffer overflow vulnerability to determine if someone is running the AOL client software or the Microsoft MSN Messenger client software. When MSN Messenger is detected, users are refused service on the AOL system.
The buffer error is thought to be used as follows:
During the AIM logon sequence, the AOL servers send down a packet to a client machine with about 40 bytes of Intel x86 assembler code in it. This code gets executed by the client because of a buffer overflow bug (the logon packet is stored inside a buffer which is too small, causing an overflow and the execution of the inserted arbitrary code).
The downloaded code causes the client to send back a secret response to the AOL servers. If the servers don't see this response, they then bounce the user under the assumption the client software must be other than AIM (for example, the MSN Messenger).
If this buffer overflow error is real, AOL can download any x86 code in the future, generating different responses from the client. In this way, they can constantly stay a few days ahead of Microsoft in this war-like game (where AOL does not want Microsoft to send messages to its users). But this is a huge risk for AIM users, since it means AOL might be able to execute arbitrary code on the clients' machines, and that malicious attackers can use this exploit to compromise the security of AIM client machines.
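The length validation whose absence the logon sequence above depends on, as an added example that is not AIM's code and not part of the original advisory. The packet layout, the 256-byte buffer size and all names are hypothetical assumptions; the sample packets are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical wire layout (an assumption, not AIM's real format):
 * bytes 0-1 type, bytes 2-3 payload length (big-endian), then payload. */
#define HDR_LEN     4u
#define PAYLOAD_MAX 256u  /* capacity of the client's fixed buffer */

enum parse_result { PKT_OK = 0, PKT_TRUNCATED = -1, PKT_TOO_LARGE = -2 };

struct logon_packet { uint16_t type; uint16_t len; uint8_t payload[PAYLOAD_MAX]; };

/* The flawed pattern copies a sender-declared length without comparing it
 * to PAYLOAD_MAX. This version validates both bounds before copying. */
enum parse_result parse_logon_packet(const uint8_t *wire, size_t wire_len,
                                     struct logon_packet *out)
{
    if (wire_len < HDR_LEN)
        return PKT_TRUNCATED;            /* no complete header */
    uint16_t declared = (uint16_t)((wire[2] << 8) | wire[3]);
    if (declared > PAYLOAD_MAX)
        return PKT_TOO_LARGE;            /* would overrun out->payload */
    if (declared > wire_len - HDR_LEN)
        return PKT_TRUNCATED;            /* claims more bytes than received */
    out->type = (uint16_t)((wire[0] << 8) | wire[1]);
    out->len = declared;
    memcpy(out->payload, wire + HDR_LEN, declared);
    return PKT_OK;
}

/* Constructed sample packets, one per outcome. */
enum parse_result demo(int which)
{
    static const uint8_t ok_pkt[]    = {0x00, 0x01, 0x00, 0x04, 'a', 'b', 'c', 'd'};
    static const uint8_t big_pkt[]   = {0x00, 0x01, 0x10, 0x00, 'a', 'b', 'c', 'd'}; /* declares 4096 */
    static const uint8_t short_pkt[] = {0x00, 0x01, 0x00, 0x08, 'a', 'b'};           /* declares 8, carries 2 */
    struct logon_packet p;
    if (which == 0) return parse_logon_packet(ok_pkt, sizeof ok_pkt, &p);
    if (which == 1) return parse_logon_packet(big_pkt, sizeof big_pkt, &p);
    return parse_logon_packet(short_pkt, sizeof short_pkt, &p);
}

int main(void)
{
    printf("ok=%d too_large=%d truncated=%d\n", demo(0), demo(1), demo(2));
    return 0;
}
```

A client that rejects the oversized packet never reaches the copy, so the server-supplied bytes stay data and are not executed.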
Geoff Chappell has done a detailed analysis of the AIM code and has located the actual bug. His write-up on the bug can be found at these two URLs:
http://www.ozemail.com.au/~geoffch/security/aim/
http://www.ozemail.com.au/~geoffch/security/aim/preliminary.htm
He also provides details on how the special AOL packet is executed by this buffer overflow error.
Meanwhile, AOL continues to publicly deny that anything is amiss in their AOL client. In recent press articles they claimed that there is no buffer overflow error in the client software and, moreover, that they are not doing anything to compromise the security of their AIM customers.