AIMsniff contains a flaw that may allow a malicious user to overwrite any file on your filesystem. The issue is triggered when AIMsniff exists, and writes to /tmp/AS.log. It is possible that the flaw may allow a race condition resulting in a loss of integrity and availability.

The variable $debug2 is a static allways set to true
The following will allways occour in function LeaveNow():
if($debug2){
open(LOG,">/tmp/AS.log") or die "Could not open debug file: $^E\n";
print LOG "$debugmsg\n";
close(LOG);
}

Upgrade to version 0.9d or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):

in aimsniff.pl, change the line saying:
open(LOG,">/tmp/AS.log") or die "Could not open debug file: $^E\n";

to:
unlink("/tmp/AS.log"); sysopen(FH,"/tmp/AS.log",O_WRONLY|O_EXECL|O_CREAT,0600);

(or)

Change (at line 55):
my $debug2=1;

to:
my $debug2=0;

• ISS X-Force ID: 15199
• CVE ID: 2004-0279 (see also: NVD)
• Bugtraq ID: 9653
• Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=107662243303439&w=2
• Vendor URL: http://www.aimsniff.com
• Vendor Specific Solution URL: http://www.aimsniff.com/forum/viewtopic.php?t=509

• Martin - broadcastptraced.net -