ZDNet UK



IM client vulnerable to attack

James Pearce ZDNet Australia

Published: 23 Aug 2002 09:12 BST


Users of messenger client Trillian are vulnerable to attack, according to information security analyst John Hennessy.

Hennessy has published a proof-of-concept showing the latest version of Trillian, v0.73, is vulnerable to a buffer-overflow attack that will allow individuals with malicious intent to run any program on the computer.

Trillian is a piece of software that allows you to connect to ICQ, AOL Instant Messenger, MSN Messenger, Yahoo! Messenger and IRC with a single interface, despite some companies actively avoiding messenger interoperability.

According to Jason Ross, senior analyst at amr interactive, in June 2002 there were 28,000 home users of Trillian in Australia, about 0.4 percent of the Internet population, and 55,000 people using it at work, about 1.8 percent of the Internet population.

David Banes, regional manager of Symantec security response, told ZDNet Australia the code appeared to be valid.

"With these sort of things you have to find some process that would accept a connection, then throw loads of random data at it and get it to crash," he said. "Once it's crashed, you can try to find a way to exploit it."

He said the proof-of-concept that was published is designed to run on Notepad, but could be easily modified to run any program on the system. He said the problem was easy to fix by "writing protective code around that particular piece to more closely validate the data around that piece."

"Because people are pushed for productivity you tend to leave out the checks and balances you should put in, which is why we have all these buffer overflows and exploits out there now," said Banes.

Cerulean Studios, creator of Trillian, was contacted for comment but had not responded by the time of publication.

