Vulnerability Development mailing list archives
Re: AIM 3.0
From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 30 Oct 1999 14:26:07 +0000
Paul Keefer wrote:
I haven't seen any vulnerabilities listed for the version of AIM that is shipping with Netscape 4.7, but I was wondering if anyone had noticed the file transfer capabilities? Basically it looks like a user can tell AIM to allow access to any files that user has rights to. When another AIM user either "gets" or "puts" a file, the transaction is coordinated by the AIM server, and the transfer appears to be initiated by the workstation serving the files. I don't even want to think about the number of buffer overruns and other bugs in this software just waiting to be exploited.
Another list subscriber pointed out that AIM creates a tunnel of sorts (as does the AOL client itself when used over IP.) That line of thought should be pointed out here - once. Let's steer the discussion away from whether or not it does dangerous things behind firewalls (it does... and it's discussed over and over on firewall lists.)

As for buffer overflows and other bad designs: They must be there. I say this based on size, features, time to market, etc.

I played briefly with AIM with one of the 2.x clients. One thing I noticed, for example, is that it doesn't generally allow raw HTML to be sent. In fact, the client is set up to not allow it. One wonders if that's just client-side security, or if it's also enforced on the server end.

As for overflows... there was the twisted rumor situation about AIM overflows, apparently spread by an MS employee?? Anyone ever get verification on that one?

I think I recall that someone did an open source AIM client, for unix? That would probably be an excellent place to start.

Does AIM have a web interface for folks who don't have the AIM code installed?

Just a few thoughts to give people places to look.

BB