首页 -> 安全研究
安全研究
安全漏洞
AOL Instant Messenger远程缓冲区溢出漏洞
发布日期:2002-01-02
更新日期:2002-01-08
受影响系统:
AOL Instant Messenger 4.3描述:
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
AOL Instant Messenger 4.3.2229
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
AOL Instant Messenger 4.4
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
AOL Instant Messenger 4.5
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
AOL Instant Messenger 4.6
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
AOL Instant Messenger 4.7
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
AOL Instant Messenger 4.7.2480
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
AOL Instant Messenger 4.8.2616
- Microsoft Windows NT 4.0 SP6a
- Microsoft Windows NT 4.0 SP6
- Microsoft Windows NT 4.0 SP5
- Microsoft Windows NT 4.0 SP4
- Microsoft Windows NT 4.0 SP3
- Microsoft Windows NT 4.0 SP2
- Microsoft Windows NT 4.0 SP1
- Microsoft Windows NT 4.0
- Microsoft Windows CE 3.0
- Microsoft Windows CE 2.0
- Microsoft Windows 98
- Microsoft Windows 95
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
BUGTRAQ ID: 3769
CVE(CAN) ID: CVE-2002-0005
AOL Instant Messenger (AIM)是一款实时信息交互系统。
AIM在分析一个TLV(类别、长度、值)类型为0x2711的游戏请求存在漏洞,会引起缓冲区溢出,远程攻击者可以利用这个漏洞获得当前登陆用户的权限。
值得注意的是现在AIM用户不能阻止该类型请求。
AOL已经修改了他们的AIM服务器来防止这种攻击。
<*来源:Matt Conover (shok@dataforce.net)
链接:http://online.securityfocus.com/archive/1/248805
http://online.securityfocus.com/archive/1/247944
http://online.securityfocus.com/archive/1/247885
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
http://www.w00w00.org/files/w00aimexp.tgz
建议:
临时解决方法:
如果您不能立刻安装补丁或者升级,NSFOCUS建议您采取以下措施以降低威胁:
* 对软件做如下设置:
1. 进入AIM的属性页。
2. 选择Privacy项。
3. 在"Who can contact me"下的"Allow only users on my Buddy List"打上勾。
厂商补丁:
AOL
---
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载最新版本aim:
http://www.aol.com/aim/home.html
浏览次数:3037
严重程度:0(网友投票)
绿盟科技给您安全的保障