Vulnerability Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AIM 3.0

From: esl () CIO MED VA GOV (esl)
Date: Sun, 31 Oct 1999 12:42:09 -0500

We allow our users to connect to AOL via socks proxy. The server hosting socks
is behind the firewall and has full access to the Internet through the
firewall. Our we also vulnerable with this setup?

Thanks.

ESL

Aviram Jenik wrote:


----- Original Message -----
From: "Paul Keefer" <paul () KEEFER ORG>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Thursday, October 28, 1999 7:20 PM
Subject: AIM 3.0


I haven't seen any vulnerabilities listed for the version of
AIM that is shipping with Netscape 4.7,


This is a good time to remind everybody that AIM opens an IP tunnel back to
AOL, effectively piercing the firewall and obviously putting the workstation
running AIM (and possibly the rest of the machines on its local network) at
risk.
I haven't checked AIM 3.0, but this was true for previous AIM versions. We
described this vulnerability in the past:

http://www.securiteam.com/securityreviews/The_risks_of_using_an_AOL_client_b
ehind_a_firewall.html





-------------------------
Aviram Jenik
SecuriTeam
http://www.SecuriTeam.com
Previous By Date Next
Previous By Thread Next

Current thread: