Bugtraq mailing list archives
AOL Provided Programs
From: MSHINES () freh-02 adpc purdue edu (Michael S. Hines)
Date: 7 Dec 94 08:00:05 EST
Jim Littlefield says --
Something to remember is that AOL provides a program for users to use when dialing in. A bad security hole would exist if this program supports any "magic" headers, etc. Just my $0.02. --
Has anyone reverse engineered the program(s - DOS/WIN/MAC versions) to develop an "Undocumented AOL"? Should be able to identify any magic doors provided. One other possible exposure - with AOL it is possible to set an option to "expand on exit" which calls their EXPAND program to expand compressed transfers. This program could make the mistake of also executing a file transferred (I don't think it does) before you have a chance to apply your favorite virus scanner to it. Isn't life in the fast lane fun! ---------------------------------------------------------------------- Internet: mshines () ia purdue edu | Michael S. Hines Bitnet: michaelh@purccvm | Sr. Information Systems Auditor Purdue WIZARD Mail: MSHINES | Purdue University GTE Net Voice: (317) 494-5845 | 1065 Freehafer Hall GTE Net FAX: (317) 496-1814 | West Lafayette, IN 47907-1065 CompuServe: 73240,1631 |
Current thread:
- Re: /dev/tcp, and a LD_LIBRARY_PATH question., (continued)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Pat Myrto (Dec 03)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. jim () Tadpole COM (Dec 02)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Ken Descoteaux (Dec 05)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Casper Dik (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Doug Hughes (Dec 05)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Bonfield James (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Todd C. Miller (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Bonfield James (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. hoodr () hoodr slip netcom com (Dec 05)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. James R. Ault (Dec 06)
- Re: /dev/tcp, and a LD_LIBRARY_PATH question. Pat Myrto (Dec 07)
- AOL Provided Programs Michael S. Hines (Dec 07)