[23679] in bugtraq
Re: AIM addendum
daemon@ATHENA.MIT.EDU (Matt Conover)
Wed Jan 2 15:42:31 2002
Date: Wed, 2 Jan 2002 23:00:40 +0300 (MSK)
From: Matt Conover <shok@dataforce.net>
To: Paul Schmehl <pauls@utdallas.edu>
Cc: bugtraq@securityfocus.com
In-Reply-To: <2082624.1009978928@pc47794.campus.ad.utdallas.edu>
Message-ID: <Pine.LNX.3.95.1020102230028.11933D-100000@cannabis.dataforce.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
> The temporary solution you provide would only protect you so long as all
> the buddies on your list were not compromised. As soon as one buddy is
> compromised, then you are vulnerable *through* that buddy. Or am I not
> clearly understanding this exploit?
Yes, which is why in the original advisory we recommended AIM filter be
installed. This will block the attack from anyone. So only allowing your
buddies to contact you in addition to installing AIM filter will keep you
secure until a new version of AIM comes out.
