Bugtraq mailing list archives
AIM addendum
From: Matt Conover <shok () dataforce net>
Date: Wed, 2 Jan 2002 21:17:26 +0300 (MSK)
Before I get too many more questions about these issues, let me clarify a few things: 1. This vulnerable affects all AIM versions as far back as 4.3 (this is the farthest one back I've checked). I don't know if it affects the inline AIM used with Netscape. If it supports game requests, probably. Otherwise, it won't. 2. A temporary solution to this vulnerability is: 1. Go to your Preferences 2. Go to the Privacy section 3. Click "Allow only users on my Buddy List" under "who can contact me" This will disable the vulnerability because you will appear signed off to anyone not in your buddy 3. 3. The libfaim I used is the latest available from http://jgo.local.net/libfaim. Look at the Makefile in http://www.w00w00.org/files/w00aimexp/Makefile. I didn't find it necessary to change anything to build. Once libfaim is installed, reference the libfaim headers files by -I/path/to/headers (probably /usr/local/include/faim).
Current thread:
- AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- Re: AIM addendum Matt Conover (Jan 02)
- Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
- Re: AIM addendum Mark Coleman (Jan 03)
- Re: AIM addendum Paul Schmehl (Jan 03)
- Re: AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
- Re: AIM addendum Tyler (Jan 04)