Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: MSN666 "backdoor"
From: "Seunghyun Seo" <s1980914 () inhavision inha ac kr>
Date: Sat, 15 Jun 2002 01:04:53 +0900


yeh, dude 

MSN666 has no backdoors , but gobble confused, he even wrote *alert mail ,
he seems to be very nervous against MSN666

actually , it has some bugs ,
coz of it is the proof of concept code for "Sensitive IM Security"

i don't think ppls use this as a Server like apache or mysql.
hehe


--
Seunghyun Seo , Inha university Group of Research for Unix Security
[e-mail] seo () igrus inha ac kr, seo () underground or kr
----- Original Message ----- 


I don't beleive that MSN666 has a backdoor. Is the function pattern2 safe
in it's use of sscanf? What if msg = "XXXXXXXXXXXXXXXXXAAAABBBB" is longer
than 16 bytes on line 254?

sscanf ( msg, "%s", &opmsg )

Any help is appreciated.

Keith Rogers
SecurityFocus
www.securityfocus.com



  By Date           By Thread  

Current thread:
  • Re: MSN666 "backdoor" Seunghyun Seo (Jun 14)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]