Re: AIM addendum
From: Matt Conover (shok@dataforce.net)Date: 01/02/02
- Previous message: the Pull: "Re: IE GetObject() problems"
- In reply to: Paul Schmehl: "Re: AIM addendum"
- Next in thread: Juan M. de la Torre: "Heap overflow in snmpnetstat"
- Reply: Juan M. de la Torre: "Heap overflow in snmpnetstat"
- Reply: Mark Coleman: "Re: AIM addendum"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 2 Jan 2002 23:00:40 +0300 (MSK) From: Matt Conover <shok@dataforce.net> To: Paul Schmehl <pauls@utdallas.edu>
> The temporary solution you provide would only protect you so long as all
> the buddies on your list were not compromised. As soon as one buddy is
> compromised, then you are vulnerable *through* that buddy. Or am I not
> clearly understanding this exploit?
Yes, which is why in the original advisory we recommended AIM filter be
installed. This will block the attack from anyone. So only allowing your
buddies to contact you in addition to installing AIM filter will keep you
secure until a new version of AIM comes out.
- Previous message: the Pull: "Re: IE GetObject() problems"
- In reply to: Paul Schmehl: "Re: AIM addendum"
- Next in thread: Juan M. de la Torre: "Heap overflow in snmpnetstat"
- Reply: Juan M. de la Torre: "Heap overflow in snmpnetstat"
- Reply: Mark Coleman: "Re: AIM addendum"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
