1 last small worthless AIM point

From: leon (leon@inyc.com)
Date: 01/30/02


From: "leon" <leon@inyc.com>
To: <security-basics@lists.securityfocus.com>
Date: Wed, 30 Jan 2002 09:13:26 -0500


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi everyone,

It has recently come to my attention that the buffer overflow
affecting AIM is still remotely exploitable.
I just thought that I would let the list know that CONTRARY TO
PUBLISHED REPORTS the vulnerability is still being actively
exploited.

I did a little testing at home and it seems the newest version of the
AIM client (4.8.2646) is NOT vulnerable.

I would also like to point out that this is a great reason why
shortcuts and security just don't play nicely together.

Instead of fixing and making a big point to let everyone know about
the vulnerability (as in we messed up but most software companies do,
here's a patch or you MUST download the newest version), AOL took the
easy way out and claimed to fix the problem at the server. Bull-cocky.
If the problem is fixed at the server how come I am still able to kick
people off with aimfilter? (rhetorical ;)

D'oh! AOL's engineers or Oracle's engineers; who is doing worse in
the month of January? One is breakable, the other is remotely
exploitable. Hehe

Cheers to the group,

Leon

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBPFf/htqAgf0xoaEuEQL3zQCg69Gd7PbfHwxWMBL/E2QzTICqeuMAoKQl
/iQO3DkBt8aDMcymoh+84IiD
=uNkL
-----END PGP SIGNATURE-----