Bugtraq mailing list archives

AIM addendum

From: Matt Conover <shok () dataforce net>
Date: Wed, 2 Jan 2002 21:17:26 +0300 (MSK)

Before I get too many more questions about these issues, let me clarify a
few things:

1. This vulnerable affects all AIM versions as far back as 4.3 (this is
the farthest one back I've checked). I don't know if it affects the inline
AIM used with Netscape. If it supports game requests, probably. Otherwise,
it won't.

2. A temporary solution to this vulnerability is:
   1. Go to your Preferences
   2. Go to the Privacy section
   3. Click "Allow only users on my Buddy List" under "who can contact me"

This will disable the vulnerability because you will appear signed off to
anyone not in your buddy 3.

3. The libfaim I used is the latest available from
http://jgo.local.net/libfaim. Look at the Makefile in 
http://www.w00w00.org/files/w00aimexp/Makefile. I didn't find it necessary
to change anything to build. Once libfaim is installed, reference the
libfaim headers files by -I/path/to/headers (probably
/usr/local/include/faim).

Current thread:

AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
  - Re: AIM addendum Matt Conover (Jan 02)
    - Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
    - Re: AIM addendum Mark Coleman (Jan 03)
    - Re: AIM addendum Paul Schmehl (Jan 03)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
  - Re: AIM addendum Tyler (Jan 04)