AIM addendum

From: Matt Conover (shok@DATAFORCE.NET)
Date: 01/02/02


Date:         Wed, 2 Jan 2002 21:17:54 +0300
From: Matt Conover <shok@DATAFORCE.NET>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

Before I get too many more questions about these issues, let me clarify a
few things:

1. This vulnerability affects all AIM versions as far back as 4.3 (this is
the farthest one back I've checked). I don't know if it affects the inline
AIM used with Netscape. If it supports game requests, probably. Otherwise,
it won't.

2. A temporary solution to this vulnerability is:
   1. Go to your Preferences
   2. Go to the Privacy section
   3. Click "Allow only users on my Buddy List" under "who can contact me"

This will disable the vulnerability because you will appear signed off to
anyone not in your buddy list.

3. The libfaim I used is the latest available from
http://jgo.local.net/libfaim. Look at the Makefile in
http://www.w00w00.org/files/w00aimexp/Makefile. I didn't find it necessary
to change anything to build. Once libfaim is installed, reference the
libfaim header files by -I/path/to/headers (probably
/usr/local/include/faim).
