[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AIM addendum

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: AIM addendum
From: "austin naremore" <austin@xxxxxxxxxxxxxxxxx>
Date: Thu, 03 Jan 2002 16:56:48 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

it was fixed this morning

AOL returns a nice message too:

Error: message to <screenname here> bounced (Busted SNAC payload)

> AIM fixed?  Can anyone confirm?
> 
> http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp
> 
> Thanks,
> 
> Mark C.
> 
> 
> ----- Original Message -----
> From: Matt Conover <shok@xxxxxxxxxxxxx>
> To: Paul Schmehl <pauls@xxxxxxxxxxxx>
> Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
> Sent: Wednesday, January 02, 2002 12:00 PM
> Subject: Re: AIM addendum
> 
> 
> > > The temporary solution you provide would only protect you so long 
as all
> > > the buddies on your list were not compromised.  As soon as one 
buddy is
> > > compromised, then you are vulnerable *through* that buddy.  Or am 
I not
> > > clearly understanding this exploit?
> >
> > Yes, which is why in the original advisory we recommended AIM 
filter be
> > installed. This will block the attack from anyone. So only allowing 
your
> > buddies to contact you in addition to installing AIM filter will 
keep you
> > secure until a new version of AIM comes out.
> 
> 
>

Follow-Ups:
- Re: AIM addendum
  - From: Tyler

Prev by Date: [AP] awhttpd v2.2 local DoS
Next by Date: Mail.com Cross Site Scripting Vulnerability
Previous by thread: Re: AIM addendum
Next by thread: Re: AIM addendum
Index(es):
- Date
- Thread

This mailing list archive is a service of Copilotco.