[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AIM addendum

To: Matt Conover <shok@xxxxxxxxxxxxx>, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: AIM addendum
From: Paul Schmehl <pauls@xxxxxxxxxxxx>
Date: Wed, 02 Jan 2002 13:42:08 -0600
In-reply-to: <Pine.LNX.3.95.1020102211024.22549O-100000@xxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <Pine.LNX.3.95.1020102211024.22549O-100000@xxxxxxxxxxxxxxxxxxxxx t>

The temporary solution you provide would only protect you so long as allthe buddies on your list were not compromised. As soon as one buddy iscompromised, then you are vulnerable *through* that buddy. Or am I notclearly understanding this exploit?

--On Wednesday, January 02, 2002 9:17 PM +0300 Matt Conover<shok@xxxxxxxxxxxxx> wrote:


2. A temporary solution to this vulnerability is:
   1. Go to your Preferences
   2. Go to the Privacy section
   3. Click "Allow only users on my Buddy List" under "who can contact me"

This will disable the vulnerability because you will appear signed off to
anyone not in your buddy 3.


Paul Schmehl (pauls@xxxxxxxxxxxx)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member

Follow-Ups:
- Re: AIM addendum
  - From: Matt Conover

References:
- AIM addendum
  - From: Matt Conover

Prev by Date: RE: w00w00 on AOL Instant Messenger (serious vulnerability)
Next by Date: Re: AIM addendum
Previous by thread: AIM addendum
Next by thread: Re: AIM addendum
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilotco.