Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vuln-Dev> 1999-q4

Exploit-Dev Archives: Re: AIM 3.0

Re: AIM 3.0

Blue Boar (BlueBoarTHIEVCO.COM)
Sat, 30 Oct 1999 14:26:07 +0000

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Blue Boar: "Re: ICQ 2000"
Previous message: 3APA3A: "FreeBSD listen() again"
Next in thread: Daniel Reed: "Re: AIM 3.0"
Reply: Daniel Reed: "Re: AIM 3.0"
Reply: Robert A. Seace: "Re: AIM 3.0"

Paul Keefer wrote:
>
> I haven't seen any vulnerabilities listed for the version of
> AIM that is shipping with Netscape 4.7, but I was wondering
> if anyone had noticed the file transfer capabilities?
>
> Basically it looks like a user can tell AIM to allow access
> to any files that user has rights to. When another AIM
> user either "gets" or "puts" a file, the transaction is
> coordinated by the AIM server, and the transfer appears to
> be initiated by the workstation serving the files.
>
> I don't even want to think about the number of buffer
> overruns and other bugs in this software just waiting to be
> exploited.

Another list subscriber pointed out that AIM creates a tunnel
of sorts (as does the AOL client itself when used over IP.)

That line of thought should be pointed out here - once. Let's
steer the discussion away from whether or not it does dangerous
things behind firewalls (it does.. and it's discussed over and
over on firewall lists.)

As for buffer overflows and other bad designs: They must be there.
I say this based on size, features, time to market, etc..

I played briefly with AIM with one of the 2.x clients. One thing
I noticed, for example, is that it doesn't generally allow raw
HTML to be sent. In fact, the client is set up to not allow it.
One wonders if that's just client-side security, or if it's
also enforced on the server end.

As for overflows... there was the twsited rumor situation about AIM
overflows, apparantly spread by an MS employee?? Anyone ever get
verfication on that one?

I think I recall that someone did an open source AIM client,
for unix? That would probably be an excellent place to start.
Does AIM have a web interface for folks who don't have the AIM
code installed?

Just a few thoughts to give people places to look.

Next message: Blue Boar: "Re: ICQ 2000"
Previous message: 3APA3A: "FreeBSD listen() again"
Next in thread: Daniel Reed: "Re: AIM 3.0"
Reply: Daniel Reed: "Re: AIM 3.0"
Reply: Robert A. Seace: "Re: AIM 3.0"

This archive was generated by hypermail 2.0b3 on Sat Oct 30 1999 - 16:34:06 CDT