Vulnerability Development mailing list archives

Re: AIM 3.0

From: aviram () SECURITEAM COM (Aviram Jenik)
Date: Thu, 28 Oct 1999 23:51:07 +0200


----- Original Message -----
From: "Paul Keefer" <paul () KEEFER ORG>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, October 28, 1999 7:20 PM
Subject: AIM 3.0

I haven't seen any vulnerabilities listed for the version of
AIM that is shipping with Netscape 4.7,


This is a good time to remind everybody that AIM opens an IP tunnel back to
AOL, effectively piercing the firewall and obviously putting the workstation
running AIM (and possibly the rest of the machines on its local network) at
risk.
I haven't checked AIM 3.0, but this was true for previous AIM versions. We
described this vulnerability in the past:

http://www.securiteam.com/securityreviews/The_risks_of_using_an_AOL_client_b
ehind_a_firewall.html

-------------------------
Aviram Jenik
SecuriTeam
http://www.SecuriTeam.com

Current thread:

Accessing IE/Netscape incomming data Derek Reynolds (Oct 26)
- Re: Accessing IE/Netscape incomming data CyberPsychotic (Oct 25)
- Re: Accessing IE/Netscape incomming data Bernhard Kirchmair (Oct 26)
- Re: Accessing IE/Netscape incomming data Alan Cox (Oct 26)
  - Re: Accessing IE/Netscape incomming data Trevor Schroeder (Oct 26)
    - Re: Accessing IE/Netscape incomming data CyberPsychotic (Oct 26)
    - AIM 3.0 Paul Keefer (Oct 28)
    - Re: AIM 3.0 Aviram Jenik (Oct 28)
    - Re: AIM 3.0 Blue Boar (Oct 30)
    - Re: AIM 3.0 Daniel Reed (Oct 30)
    - Re: AIM 3.0 Robert A. Seace (Oct 30)
    - Re: AIM 3.0 Usman (Oct 31)
    - Re: AIM 3.0 esl (Oct 31)
  - Stealth executables (clarified) Brad Griffin (Oct 27)
- linux userland ip spoofing vulnerability Boo Hampshire (Oct 26)
  - Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
    - Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)
  - Re: linux userland ip spoofing vulnerability Alan Cox (Oct 27)

(Thread continues...)