AOL Instant Messenger (AIM) and ICQ file transfer directory traversal
| aim-icq-filetransfer-directory-traversal (33538) |  Medium Risk |
Description:
AOL Instant Messenger (AIM) and ICQ could allow a remote attacker to traverse directories on the system. By persuading a victim to accept a specially-crafted file transfer request containing "dot dot" sequences (/../) , a remote attacker could traverse directories and write files to arbitrary directories on the victim's system.
Note: In order to exploit this vulnerability using ICQ, the attacker is required to be on the contact list of the victim.
*CVSS:
| Base Score: | 2.8 |
| Access Vector: | Remote |
| Access Complexity: | High |
| Authentication: | Not Required |
| Confidentiality Impact: | None |
| Integrity Impact: | Partial |
| Availability Impact: | None |
| Temporal Score: | 2.4 |
| Exploitability: | High |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
File Manipulation
Remedy:
For AIM:
Upgrade to the latest version of AIM (6.1 or later), available from the AIM Web site. See References.
For ICQ:
AOL has provided an update for this vulnerability to all AOL ICQ users, which should be automatically applied once connected to the ICQ service from the ICQ Web site. See References.
References:
- AIM Web site: AIM 6.1.
- ICQ Web site: ICQ.
- iDefense Labs PUBLIC ADVISORY: 04.09.07: AOL AIM and ICQ File Transfer Path-Traversal Vulnerability.
- BID-23391: AOL AIM and ICQ Clients Directory Traversal Vulnerability
- CVE-2007-1904: Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 and earlier, and ICQ 5.1 and probably earlier, allows user-assisted remote attackers to write files to arbitrary locations via a .. (dot dot) in a filename in a file transfer operation.
- SA24747: AOL Instant Messenger File Transfer Directory Traversal Vulnerability
- SA24803: ICQ File Transfer Directory Traversal Vulnerability
- SECTRACK ID: 1017890: AIM File Transfer Traversal Flaw Lets Remote Users Modify the Storage Location During a File Transfer
- SECTRACK ID: 1017891: ICQ File Transfer Traversal Flaw Lets Remote Users Modify the Storage Location During a File Transfer
- VUPEN/ADV-2007-1306: ICQ File Transfer Processing Remote Directory Traversal Vulnerability
- VUPEN/ADV-2007-1307: AOL Instant Messenger File Transfer Feature Remote Directory Traversal Vulnerability
Platforms Affected:
- AOL AOL Instant Messenger 5.9
- ICQ America Online (AOL) ICQ 5.1 and prior
Reported:
Apr 09, 2007
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.