Flaw Leaves AIM Clients Open to Crashes

Written By
Dennis Fisher
Oct 3, 2001

A group of hackers on Tuesday released an exploit that takes advantage of a flaw in America Online Inc.'s Instant Messenger program and remotely crashes another user's AIM client.

A buffer overrun flaw in the latest version of AIM enables an attacker to crash another user's client by sending a large string of specific characters. The victim would then have to restart the AIM service.

The AIM flaw has been discussed since late last week on the Vuln-Dev security mailing list, and several people complained of having their AIM clients mysteriously crash. But it wasn't until Tuesday that the hacker group known as Angrypacket posted on its Web site an exploit called AIMrape that enables attackers to easily mount such an attack.

The buffer overrun problem affects Version 4.7.2480 of AIM, as well as previous releases.

The author of the AIMrape tool, Tony Lambiris, also posted it to the Bugtraq mailing list on Tuesday. He said that he had seen several posts about the AIM flaw on Vuln-Dev and had heard rumors that an exploit had been floating around the hacker underground for a few weeks.

When someone posted a packet log showing what happened when his AIM client was attacked, Lambiris was able to use the information to create his own AIM client that can execute the attack.

This was necessary because the official AIM client limits the number of characters a user can send in one message. Thus, the huge string of characters needed to execute the attack could not be sent using the AIM software.

Lambiris said he wrote the tool because he believes in full disclosure of security vulnerabilities.

“I don't believe that the elite few should know about bugs and have exploits for them,” he said.
