[unisog] heads up on skype buffer overflow

Peter Van Epp vanepp at sfu.ca
Fri Oct 28 02:11:21 GMT 2005

	While I expect I'm preaching to the choir (you all likely being on the
SANS @risk list), there is a buffer overflow in the skype clients. This has
the potential for being very exciting given that skype (with your users able
assistance) will happily bypass your firewalls (typically using me to proxy :-))
and thus could get quite nasty. The wise among you (i.e. those running argus
:-)) can scan for tcp connections to dst port 33033 with something along the 
lines of

ra -r /usr/local/argus/com_argus.archive/2005/10/26/* -nn dst port 33033 and tcp

which (along with some false positives) will catch hosts connecting to the 
skype directory service which gives you a good group to forward the @risk 
advisory (or just "upgrade your skype client NOW") to and/or to watch later
when the first exploit hits.

Peter Van Epp / Operations and Technical Support 
Simon Fraser University, Burnaby, B.C. Canada

More information about the unisog mailing list