Vulnerability Development mailing list archives

AIM 3.0

From: paul () KEEFER ORG (Paul Keefer)
Date: Thu, 28 Oct 1999 17:20:23 -0000


I haven't seen any vulnerabilities listed for the version of
AIM that is shipping with Netscape 4.7, but I was wondering
if anyone had noticed the file transfer capabilities?

Basically it looks like a user can tell AIM to allow access
to any files that user has rights to.   When another AIM
user either "gets" or "puts" a file, the transaction is
coordinated by the AIM server, and the transfer appears to
be initiated by the workstation serving the files.

I don't even want to think about the number of buffer
overruns and other bugs in this software just waiting to be
exploited.

Current thread:

Accessing IE/Netscape incomming data Derek Reynolds (Oct 26)
- Re: Accessing IE/Netscape incomming data CyberPsychotic (Oct 25)
- Re: Accessing IE/Netscape incomming data Bernhard Kirchmair (Oct 26)
- Re: Accessing IE/Netscape incomming data Alan Cox (Oct 26)
  - Re: Accessing IE/Netscape incomming data Trevor Schroeder (Oct 26)
    - Re: Accessing IE/Netscape incomming data CyberPsychotic (Oct 26)
    - AIM 3.0 Paul Keefer (Oct 28)
    - Re: AIM 3.0 Aviram Jenik (Oct 28)
    - Re: AIM 3.0 Blue Boar (Oct 30)
    - Re: AIM 3.0 Daniel Reed (Oct 30)
    - Re: AIM 3.0 Robert A. Seace (Oct 30)
    - Re: AIM 3.0 Usman (Oct 31)
    - Re: AIM 3.0 esl (Oct 31)
  - Stealth executables (clarified) Brad Griffin (Oct 27)
- linux userland ip spoofing vulnerability Boo Hampshire (Oct 26)
  - Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
    - Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)

(Thread continues...)