https://www.securityfocus.com/bid/89286
https://cxsecurity.com/issue/WLB-2005100004
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200510-013

CeruleanStudiosTrillian是一款老牌的即时通讯软件(IM)。CeruleanStudiosTrillian3.0允许远程攻击者借助从不同客户端的反向直接连接，引起拒绝服务(崩溃)，比如使用LICQ。

Hi!

I am using LICQ and when I want to establish a direct connection to Trillian using the ICQ protocol and a reverse connection is requested, Trillian crashes reproducable:

08:12:36: [TCP] Sending message to xxx (#1).
08:12:36: [PKT] Packet (SRVv0, 38 bytes) sent:
                (192.168.0.10:46810 -> 64.12.24.112:5190)
     0000: 2A 02 06 A6 00 20 00 04  00 14 00 00 00 00 00 1F   *..?. ..........
     0010: 00 00 00 00 00 00 00 00  00 01 09 31 32 30 36 38   ...........12068
     0020: 31 35 34 35 00 00                                  1545..
08:12:36: [TCP] Requesting reverse connection from xxx.
08:12:36: [PKT] Packet (SRVv0, 107 bytes) sent:
                (192.168.0.10:46810 -> 64.12.24.112:5190)
     0000: 2A 02 06 A7 00 65 00 04  00 06 00 00 00 00 00 20   *...e.........
     0010: 00 00 00 00 00 00 00 20  00 02 09 31 32 30 36 38   ....... ...12068
     0020: 31 35 34 35 00 05 00 43  00 00 00 00 00 00 00 00   1545...C........
     0030: 00 20 09 46 13 44 4C 7F  11 D1 82 22 44 45 53 54   . .F.DL..?."DEST
     0040: 00 00 00 0A 00 02 00 01  00 0F 00 00 27 11 00 1B   ............'...
     0050: 8B 7F 2A 00 3E B2 2D CF  A0 0F 00 00 04 0A 04 00   ..*.>?-? .......
     0060: 00 A0 0F 00 00 08 00 20  00 00 00                  . ..... ...
08:12:48: [PKT] Packet (SRVv0, 40 bytes) received:
                (192.168.0.10:46810 <- 64.12.24.112:5190)
     0000: 2A 02 53 BF 00 22 00 03  00 0C 00 00 8C F4 C9 18   *.S?."........
     0010: 09 31 32 30 36 38 31 35  34 35 00 00 00 02 00 01   .120681545......
     0020: 00 02 00 00 00 1D 00 00                            ........
08:12:48: [SRV] xxx went offline.

Seems that Trillian is having a problem with these reverse direct connections. I tested it recently with the latest Trillian 3.0.

The crash was firstly reported to Cerulan Studios in their Bug Forum in January:
http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea
1f36b237c9c&threadid=64889

Thanks
Philipp Kolmann

PS: Please Cc me, since I am not subscribed on the list.

Cerulean Studios Trillian 3.0

来源:MISC
链接:http://sourceforge.net/mailarchive/forum.php?thread_id=8315933&forum;_id=5420
来源:
链接:http://sourceforge.net/mailarchive/forum.php?thread_id=8315933&forum;_id=5420
来源:BUGTRAQ
名称:20051003Trillianremotecrashable
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112837909626441&w;=2
来源:BUGTRAQ
名称:20051003Trillianremotecrashable
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=112837909626441&w;=2
来源:MISC
链接:http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c&threadid;=64889
来源:MISC
链接:http://ceruleanstudios.com/forums/showthread.php?s=84987af3601384b1dc7ea1f36b237c9c&threadid;=64889
来源:OSVDB
名称:20006
链接:http://www.osvdb.org/20006
来源:SREASON
名称:43
链接:http://securityreason.com/securityalert/43