lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: andrewg at d2.net.au (andrewg@...net.au)
Subject: Advisory 02/2004: Trillian remote overflows-> maybe this is off-topic, but...

Hi,

On the subject of trillian..

Well, for what its worth, there is a format string in the parsing of KILL
messages by trillian (:. requiring you have have oper or RW access to a
clients connection).

Attached is an exploit... not complete, something I was working on and
lost interest. (http://felinemenace.org/~andrewg/split_search.py might be
useful for other irc clients exploits for large shellcodes)..

There seems to be a race involved. The shellcode basically moves around
and gets mangled lots by the display thread or something. I was thinking
that straight ascii-shellcode would be the way to go, or a modification of
split search so it didn't use various stuff like - or < etc.

There is most likely an easier way of exploiting this bug, but *shrug*

Enjoy,
Andrew Griffiths

>> >    "What is Trillian?
>> >
>> >     Trillian is a skinnable, interoperable instant messaging client.
>> Grab the best IM client available on the Internet today!
>> >     Trillian .74 is completely free, with no spyware and no ads.
>> Over 10 million downloads can't be wrong!"
>>
>>"Completely free". Aha. Where is the source code and a suitable license
>> to modify and share modifications?
>>
>>"No spyware". Aha. How can we know without the source? Well, I guess we
>> have to take their word.
>
> No, you're free to reverse engineer Trillian (they might sue you,
> though).  Everything is "open source" if you know assembler.
>
> _________________________________________________________________
> Click, drag and drop. My MSN is the simple way to design your homepage.
> http://click.atdmt.com/AVE/go/onm00200364ave/direct/01/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: trillian-kill-fmtstr.py
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040225/f3c26380/trillian-kill-fmtstr.ksh

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ