[23693] in bugtraq
Re: AIM addendum
daemon@ATHENA.MIT.EDU (Paul Schmehl)
Thu Jan 3 18:03:41 2002
Date: Thu, 03 Jan 2002 15:10:54 -0600
From: Paul Schmehl <pauls@utdallas.edu>
To: Mark Coleman <mcoleman@uniontown.com>, Matt Conover <shok@dataforce.net>
Cc: bugtraq@securityfocus.com
Message-ID: <93805174.1010070653@pc47794.campus.ad.utdallas.edu>
In-Reply-To: <001901c1949f$64d86a20$52740a0a@sjdf>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
This appears to be a quite cynical attempt at "fixing" a problem. The fact
is that all the AIM clients still contain the buffer overflow revealed in
Matt's advisory. All that is required now is for some enterprising soul to
construct an exploit that locates listening clients and exploits them
directly, rather than through the AOL servers.
How long do you think that will take? 5 hours?
--On Thursday, January 03, 2002 1:41 PM -0800 Mark Coleman
<mcoleman@uniontown.com> wrote:
> AIM fixed? Can anyone confirm?
>
> http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp
Paul Schmehl (pauls@utdallas.edu)
Supervisor of Support Services
The University of Texas at Dallas
AVIEN Founding Member
