Lucene search

[email protected]CVE-2004-0006

HistoryMar 03, 2004 - 5:00 a.m.

CVE-2004-0006

2004-03-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0006

gaim

ultramagnetic

buffer overflow

denial of service

arbitrary code execution

nvd

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.209 Low

EPSS

Percentile

96.3%

JSON

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

CPENameOperatorVersion
ultramagnetic:ultramagneticultramagneticle0.81
rob_flynn:gaimrob flynn gaimle0.75

CPE	Name	Operator	Version
ultramagnetic:ultramagnetic	ultramagnetic	le	0.81
rob_flynn:gaim	rob flynn gaim	le	0.75

References

ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc

ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc

archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html

distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813

marc.info/?l=bugtraq&m=107513690306318&w=2

marc.info/?l=bugtraq&m=107522432613022&w=2

security.e-matters.de/advisories/012004.html

security.gentoo.org/glsa/glsa-200401-04.xml

ultramagnetic.sourceforge.net/advisories/001.html

www.debian.org/security/2004/dsa-434

www.kb.cert.org/vuls/id/297198

www.kb.cert.org/vuls/id/371382

www.kb.cert.org/vuls/id/444158

www.kb.cert.org/vuls/id/503030

www.kb.cert.org/vuls/id/527142

www.kb.cert.org/vuls/id/871838

www.mandriva.com/security/advisories?name=MDKSA-2004:006

www.novell.com/linux/security/advisories/2004_04_gaim.html

www.osvdb.org/3731

www.osvdb.org/3732

www.redhat.com/support/errata/RHSA-2004-032.html

www.redhat.com/support/errata/RHSA-2004-033.html

www.redhat.com/support/errata/RHSA-2004-045.html

www.securityfocus.com/bid/9489

www.securitytracker.com/id?1008850

www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158

exchange.xforce.ibmcloud.com/vulnerabilities/14939

exchange.xforce.ibmcloud.com/vulnerabilities/14940

exchange.xforce.ibmcloud.com/vulnerabilities/14941

exchange.xforce.ibmcloud.com/vulnerabilities/14943

exchange.xforce.ibmcloud.com/vulnerabilities/14945

exchange.xforce.ibmcloud.com/vulnerabilities/14947

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818

7.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.209 Low

EPSS

Percentile

96.3%

JSON

Related for CVE-2004-0006

cert6 ubuntucve1 nessus6 redhat2 suse1 openvas6 debian2 securityvulns1 freebsd1 osv1