Gaim fails to properly validate the "name" parameter in the Yahoo login webpage

2004-05-06T00:00:00
ID VU:371382
Type cert
Reporter CERT
Modified 2004-05-06T00:00:00

Description

Overview

There is a buffer overflow vulnerability in the way the Gaim yahoo_login_page_hash() function parses the "name" parameter in the Yahoo login webpage.

Description

Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger (YMSG) protocol. There is a buffer overflow vulnerability in the yahoo_login_page_hash() function of Gaim's YMSG protocol. When parsing the Yahoo login webpage, the yahoo_login_page_hash() function fails to perform adequate bounds checking on the value of the "name" parameter. Although the source of this value should originate from a site controlled by Yahoo, an attacker may use several techniques (DNS spoofing, man-in-the-middle, etc.) to modify the values returned to the victim.


Impact

An attacker with the ability to control the "name" parameter returned to the victim could execute arbitrary code with the privileges of the vulnerable process.


Solution

Upgrade

Upgrade to Gaim version 0.76 or later.


Systems Affected

Vendor| Status| Date Notified| Date Updated
---|---|---|---
Gaim| | -| 06 May 2004
If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group | Score | Vector
---|---|---
Base | N/A | N/A
Temporal | N/A | N/A
Environmental | N/A | N/A

References

Credit

This vulnerability was publicly reported by Stefan Esser of e-matters .

This document was written by Damon Morda.

Other Information

  • CVE IDs: CAN-2004-0006
  • Date Public: 26 Jan 2004
  • Date First Published: 06 May 2004
  • Date Last Updated: 06 May 2004
  • Severity Metric: 6.56
  • Document Revision: 13