Vulnerability Development mailing list archives
Re: AIM 3.0 Buffer Overflow exploit
From: science () BCITY EFINGHAM K12 IL US (Jamal Hendershot)
Date: Sun, 19 Mar 2000 14:55:32 -0500
Here's a list of versions reported to be affected by this bug, which was sent to Bugtraq two weeks ago: 2.5.1366 2.5.1598 3.0.1470 3.5.1635 3.5.1670 3.5.1808
-----Original Message----- From: VULN-DEV List [mailto:VULN-DEV () SECURITYFOCUS COM]On Behalf Of lewkir () YAHOO COM Sent: Friday, March 17, 2000 12:33 PM To: VULN-DEV () SECURITYFOCUS COM Subject: AIM 3.0 Buffer Overflow exploit Don't know much about it except that it's perhaps sending an invalid ascii or unicode character, but if you send "̂" (no quotes) to a remote user, it will crash their AIM session, and possibly their computer. This bug does not exist in 3.5, and if you download 3.0 today, AOL has fixed this hole w/o telling anyone about it (i.e. if you downloaded 3.0 in the not recent past, you will be vulnerable). If the "attacker" is running the unpatched AIM, it will crash his/her computer as well. gAIM doesn't have this vulnerability.
Current thread:
- Re: Extending the FTP "ALG" vulnerability to any FTP client, (continued)
- Re: Extending the FTP "ALG" vulnerability to any FTP client Dug Song (Mar 11)
- Security auditing of network infrastructure Martin M Samson (Mar 11)
- information being stored from cgi forms Bob Johnson (Mar 10)
- Re: information being stored from cgi forms Crispin Cowan (Mar 10)
- Re: spoofing the ethernet address Timothy J. Miller (Mar 13)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 14)
- Re: spoofing the ethernet address John Flux (Mar 14)
- Re: spoofing the ethernet address Juan M. Courcoul (Mar 15)
- Linux Mandrake 6.1 PAM/userhelper exploit Paulo Ribeiro (Mar 16)
- AIM 3.0 Buffer Overflow exploit lewkir () YAHOO COM (Mar 17)
- Re: AIM 3.0 Buffer Overflow exploit Jamal Hendershot (Mar 19)
- Re: AIM 3.0 Buffer Overflow exploit - - (Mar 21)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 15)
- Re: spoofing the ethernet address James A. Robbins (Mar 15)
- Re: spoofing the ethernet address Pierre Landau (Mar 21)
- Re: spoofing the ethernet address Ex Machina (Mar 22)
- Re: spoofing the ethernet address (license managers) Eric Sherrill (Mar 24)
- IPSec research Bep Verberk (Mar 24)
- Re: IPSec research Dug Song (Mar 24)
- Re: IPSec research Mike Hudack (Mar 25)
- Re: IPSec research potential problem areas. Patrick Denton (Mar 25)
- Re: spoofing the ethernet address Ex Machina (Mar 22)