Bugtraq mailing list archives
Re: AIM addendum
From: Paul Schmehl <pauls () utdallas edu>
Date: Thu, 03 Jan 2002 15:10:54 -0600
This appears to be a quite cynical attempt at "fixing" a problem. The fact is that all the AIM clients still contain the buffer overflow revealed in Matt's advisory. All that is required now is for some enterprising soul to construct an exploit that locates listening clients and exploits them directly, rather than through the AOL servers.
How long do you think that will take? 5 hours?--On Thursday, January 03, 2002 1:41 PM -0800 Mark Coleman <mcoleman () uniontown com> wrote:
AIM fixed? Can anyone confirm? http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp
Paul Schmehl (pauls () utdallas edu) Supervisor of Support Services The University of Texas at Dallas AVIEN Founding Member
Current thread:
- AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- Re: AIM addendum Matt Conover (Jan 02)
- Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
- Re: AIM addendum Mark Coleman (Jan 03)
- Re: AIM addendum Paul Schmehl (Jan 03)
- Re: AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
- Re: AIM addendum Tyler (Jan 04)