[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AIM addendum

To: Mark Coleman <mcoleman@xxxxxxxxxxxxx>, Matt Conover <shok@xxxxxxxxxxxxx>
Subject: Re: AIM addendum
From: Paul Schmehl <pauls@xxxxxxxxxxxx>
Date: Thu, 03 Jan 2002 15:10:54 -0600
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <001901c1949f$64d86a20$52740a0a@sjdf>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <001901c1949f$64d86a20$52740a0a@sjdf>

This appears to be a quite cynical attempt at "fixing" a problem. The factis that all the AIM clients still contain the buffer overflow revealed inMatt's advisory. All that is required now is for some enterprising soul toconstruct an exploit that locates listening clients and exploits themdirectly, rather than through the AOL servers.


How long do you think that will take?  5 hours?

--On Thursday, January 03, 2002 1:41 PM -0800 Mark Coleman<mcoleman@xxxxxxxxxxxxx> wrote:

AIM fixed?  Can anyone confirm?

http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp


Paul Schmehl (pauls@xxxxxxxxxxxx)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member

References:
- Re: AIM addendum
  - From: Mark Coleman

Prev by Date: Stunnel: Format String Bug update
Next by Date: [AP] awhttpd v2.2 local DoS
Previous by thread: Re: AIM addendum
Next by thread: Re: AIM addendum
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilotco.