Vulnerability Development mailing list archives
Re: AIM 3.0
From: esl () CIO MED VA GOV (esl)
Date: Sun, 31 Oct 1999 12:42:09 -0500
We allow our users to connect to AOL via socks proxy. The server hosting socks is behind the firewall and has full access to the Internet through the firewall. Our we also vulnerable with this setup? Thanks. ESL Aviram Jenik wrote:
----- Original Message ----- From: "Paul Keefer" <paul () KEEFER ORG> To: <VULN-DEV () SECURITYFOCUS COM> Sent: Thursday, October 28, 1999 7:20 PM Subject: AIM 3.0I haven't seen any vulnerabilities listed for the version of AIM that is shipping with Netscape 4.7,This is a good time to remind everybody that AIM opens an IP tunnel back to AOL, effectively piercing the firewall and obviously putting the workstation running AIM (and possibly the rest of the machines on its local network) at risk. I haven't checked AIM 3.0, but this was true for previous AIM versions. We described this vulnerability in the past: http://www.securiteam.com/securityreviews/The_risks_of_using_an_AOL_client_b ehind_a_firewall.html
------------------------- Aviram Jenik SecuriTeam http://www.SecuriTeam.com
Current thread:
- Re: Accessing IE/Netscape incomming data, (continued)
- Re: Accessing IE/Netscape incomming data Bernhard Kirchmair (Oct 26)
- Re: Accessing IE/Netscape incomming data Alan Cox (Oct 26)
- Re: Accessing IE/Netscape incomming data Trevor Schroeder (Oct 26)
- Re: Accessing IE/Netscape incomming data CyberPsychotic (Oct 26)
- AIM 3.0 Paul Keefer (Oct 28)
- Re: AIM 3.0 Aviram Jenik (Oct 28)
- Re: AIM 3.0 Blue Boar (Oct 30)
- Re: AIM 3.0 Daniel Reed (Oct 30)
- Re: AIM 3.0 Robert A. Seace (Oct 30)
- Re: AIM 3.0 Usman (Oct 31)
- Re: AIM 3.0 esl (Oct 31)
- Re: Accessing IE/Netscape incomming data Trevor Schroeder (Oct 26)
- Stealth executables (clarified) Brad Griffin (Oct 27)
- Re: linux userland ip spoofing vulnerability CyberPsychotic (Oct 26)
- Re: linux userland ip spoofing vulnerability Simple Nomad (Oct 27)
- Re: linux userland ip spoofing vulnerability Alan Cox (Oct 27)
- Re: linux userland ip spoofing vulnerability dave (Oct 27)