[23758] in bugtraq
Re: ICQ remote buffer overflow vulnerability
daemon@ATHENA.MIT.EDU (Nick FitzGerald)
Tue Jan 8 17:17:23 2002
Message-Id: <200201080217.PAA21989@fep3-orange.clear.net.nz>
From: "Nick FitzGerald" <nick@virus-l.demon.co.uk>
To: bugtraq@securityfocus.com
Date: Tue, 8 Jan 2002 15:18:10 +1200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Reply-To: nick@virus-l.demon.co.uk
Cc: Daniel Tan <datan@seas.upenn.edu>
In-reply-to: <3C38ACAB.474676E2@seas.upenn.edu>

Daniel Tan <datan@seas.upenn.edu> wrote:

> Until AOL announces a patch/workaround, it is highly recommended to
> restrict receiving of events (other than normal messages) to
> contacts you know.

This is just like the old, and equally bogus, "advice" for preventing
being hit by mass mailing viruses -- "don't open attachments from
people you don't know". The implication taken from such advice is
that attachments from people you do know are necessarily "safe".

Better advice is to implement a method that prevents receipt of such
requests (or upgrade to the version thought unaffected by the bug).

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854