[23695] in bugtraq
Re: AIM addendum
daemon@ATHENA.MIT.EDU (austin naremore)
Thu Jan 3 19:36:02 2002
From: "austin naremore" <austin@theatticspace.com>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Message-Id: <E16MFqy-0005kT-00@titan.jtlnet.com>
Date: Thu, 03 Jan 2002 16:56:48 -0500
it was fixed this morning
AOL returns a nice message too:
Error: message to <screenname here> bounced (Busted SNAC payload)
> AIM fixed? Can anyone confirm?
>
> http://www.msnbc.com/modules/exports/ct_email.asp?/news/680950.asp
>
> Thanks,
>
> Mark C.
>
>
> ----- Original Message -----
> From: Matt Conover <shok@dataforce.net>
> To: Paul Schmehl <pauls@utdallas.edu>
> Cc: <bugtraq@securityfocus.com>
> Sent: Wednesday, January 02, 2002 12:00 PM
> Subject: Re: AIM addendum
>
>
> > > The temporary solution you provide would only protect you so long
as all
> > > the buddies on your list were not compromised. As soon as one
buddy is
> > > compromised, then you are vulnerable *through* that buddy. Or am
I not
> > > clearly understanding this exploit?
> >
> > Yes, which is why in the original advisory we recommended AIM
filter be
> > installed. This will block the attack from anyone. So only allowing
your
> > buddies to contact you in addition to installing AIM filter will
keep you
> > secure until a new version of AIM comes out.
>
>
>
