Re: AIM addendum

From: Paul Schmehl (paulsat_private)
Date: Thu Jan 03 2002 - 13:10:54 PST

Next message: methodic: "[AP] awhttpd v2.2 local DoS"

Previous message: Brian Hatch: "Stunnel: Format String Bug update"
In reply to: Mark Coleman: "Re: AIM addendum"
Next in thread: austin naremore: "Re: AIM addendum"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This appears to be a quite cynical attempt at "fixing" a problem.  The fact 
is that all the AIM clients still contain the buffer overflow revealed in 
Matt's advisory.  All that is required now is for some enterprising soul to 
construct an exploit that locates listening clients and exploits them 
directly, rather than through the AOL servers.

How long do you think that will take?  5 hours?

--On Thursday, January 03, 2002 1:41 PM -0800 Mark Coleman 
<mcolemanat_private> wrote:

> AIM fixed?  Can anyone confirm?
>
> http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp

Paul Schmehl (paulsat_private)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member

Next message: methodic: "[AP] awhttpd v2.2 local DoS"
Previous message: Brian Hatch: "Stunnel: Format String Bug update"
In reply to: Mark Coleman: "Re: AIM addendum"
Next in thread: austin naremore: "Re: AIM addendum"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 15:15:38 PST