Bugtraq mailing list archives
Re: AIM addendum
From: "Mark Coleman" <mcoleman () uniontown com>
Date: Thu, 3 Jan 2002 13:41:22 -0800
AIM fixed? Can anyone confirm? http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp Thanks, Mark C. ----- Original Message ----- From: Matt Conover <shok () dataforce net> To: Paul Schmehl <pauls () utdallas edu> Cc: <bugtraq () securityfocus com> Sent: Wednesday, January 02, 2002 12:00 PM Subject: Re: AIM addendum
The temporary solution you provide would only protect you so long as all the buddies on your list were not compromised. As soon as one buddy is compromised, then you are vulnerable *through* that buddy. Or am I not clearly understanding this exploit?Yes, which is why in the original advisory we recommended AIM filter be installed. This will block the attack from anyone. So only allowing your buddies to contact you in addition to installing AIM filter will keep you secure until a new version of AIM comes out.
Current thread:
- AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- Re: AIM addendum Matt Conover (Jan 02)
- Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
- Re: AIM addendum Mark Coleman (Jan 03)
- Re: AIM addendum Paul Schmehl (Jan 03)
- Re: AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
- Re: AIM addendum Tyler (Jan 04)