Vulnerability Development mailing list archives
AIM 3.0
From: paul () KEEFER ORG (Paul Keefer)
Date: Thu, 28 Oct 1999 17:20:23 -0000
I haven't seen any vulnerabilities listed for the version of AIM that is shipping with Netscape 4.7, but I was wondering if anyone had noticed the file transfer capabilities? Basically it looks like a user can tell AIM to allow access to any files that user has rights to. When another AIM user either "gets" or "puts" a file, the transaction is coordinated by the AIM server, and the transfer appears to be initiated by the workstation serving the files. I don't even want to think about the number of buffer overruns and other bugs in this software just waiting to be exploited.
Current thread:
- Accessing IE/Netscape incomming data Derek Reynolds (Oct 26)
- Re: Accessing IE/Netscape incomming data CyberPsychotic (Oct 25)
- Re: Accessing IE/Netscape incomming data Bernhard Kirchmair (Oct 26)
- Re: Accessing IE/Netscape incomming data Alan Cox (Oct 26)
- Re: Accessing IE/Netscape incomming data Trevor Schroeder (Oct 26)
- Re: Accessing IE/Netscape incomming data CyberPsychotic (Oct 26)
- AIM 3.0 Paul Keefer (Oct 28)
- Re: AIM 3.0 Aviram Jenik (Oct 28)
- Re: AIM 3.0 Blue Boar (Oct 30)
- Re: AIM 3.0 Daniel Reed (Oct 30)
- Re: AIM 3.0 Robert A. Seace (Oct 30)
- Re: AIM 3.0 Usman (Oct 31)
- Re: AIM 3.0 esl (Oct 31)
- Re: Accessing IE/Netscape incomming data Trevor Schroeder (Oct 26)
- Stealth executables (clarified) Brad Griffin (Oct 27)
- Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
- Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)