Bugtraq mailing list archives
Re: AIM addendum
From: "austin naremore" <austin () theatticspace com>
Date: Thu, 03 Jan 2002 16:56:48 -0500
it was fixed this morning AOL returns a nice message too: Error: message to <screenname here> bounced (Busted SNAC payload)
AIM fixed? Can anyone confirm? http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp Thanks, Mark C. ----- Original Message ----- From: Matt Conover <shok () dataforce net> To: Paul Schmehl <pauls () utdallas edu> Cc: <bugtraq () securityfocus com> Sent: Wednesday, January 02, 2002 12:00 PM Subject: Re: AIM addendumThe temporary solution you provide would only protect you so long
as all
the buddies on your list were not compromised. As soon as one
buddy is
compromised, then you are vulnerable *through* that buddy. Or am
I not
clearly understanding this exploit?Yes, which is why in the original advisory we recommended AIM
filter be
installed. This will block the attack from anyone. So only allowing
your
buddies to contact you in addition to installing AIM filter will
keep you
secure until a new version of AIM comes out.
Current thread:
- AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- Re: AIM addendum Matt Conover (Jan 02)
- Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
- Re: AIM addendum Mark Coleman (Jan 03)
- Re: AIM addendum Paul Schmehl (Jan 03)
- Re: AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
- Re: AIM addendum Tyler (Jan 04)