Bugtraq mailing list archives

Re: AIM addendum

From: "Mark Coleman" <mcoleman () uniontown com>
Date: Thu, 3 Jan 2002 13:41:22 -0800

AIM fixed?  Can anyone confirm?

http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp

Thanks,

Mark C.


----- Original Message -----
From: Matt Conover <shok () dataforce net>
To: Paul Schmehl <pauls () utdallas edu>
Cc: <bugtraq () securityfocus com>
Sent: Wednesday, January 02, 2002 12:00 PM
Subject: Re: AIM addendum

The temporary solution you provide would only protect you so long as all
the buddies on your list were not compromised.  As soon as one buddy is
compromised, then you are vulnerable *through* that buddy.  Or am I not
clearly understanding this exploit?


Yes, which is why in the original advisory we recommended AIM filter be
installed. This will block the attack from anyone. So only allowing your
buddies to contact you in addition to installing AIM filter will keep you
secure until a new version of AIM comes out.

Current thread:

AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
  - Re: AIM addendum Matt Conover (Jan 02)
    - Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
    - Re: AIM addendum Mark Coleman (Jan 03)
    - Re: AIM addendum Paul Schmehl (Jan 03)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
  - Re: AIM addendum Tyler (Jan 04)