ID: CVE-2005-2103
Type: cve
Reporter: NVD
Modified: 2017-10-10T21:30:13
Description
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
{"result": {"osvdb": [{"id": "OSVDB:18669", "type": "osvdb", "title": "Gaim Away Message Processing Remote Overflow", "description": "## Vulnerability Description\nA remote overflow exists in gaim. The program fails to validate away messages resulting in a buffer overflow. With a specially crafted away message, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 1.5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nA remote overflow exists in gaim. The program fails to validate away messages resulting in a buffer overflow. With a specially crafted away message, an attacker can cause arbitrary code execution resulting in a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://gaim.sourceforge.net/security/index.php?id=22)\nSecurity Tracker: 1014649\n[Secunia Advisory ID:16384](https://secuniaresearch.flexerasoftware.com/advisories/16384/)\n[Secunia Advisory ID:16437](https://secuniaresearch.flexerasoftware.com/advisories/16437/)\n[Secunia Advisory ID:16387](https://secuniaresearch.flexerasoftware.com/advisories/16387/)\n[Secunia Advisory ID:16423](https://secuniaresearch.flexerasoftware.com/advisories/16423/)\n[Secunia Advisory ID:16436](https://secuniaresearch.flexerasoftware.com/advisories/16436/)\n[Secunia Advisory ID:16442](https://secuniaresearch.flexerasoftware.com/advisories/16442/)\n[Secunia Advisory ID:16483](https://secuniaresearch.flexerasoftware.com/advisories/16483/)\n[Secunia Advisory ID:16637](https://secuniaresearch.flexerasoftware.com/advisories/16637/)\n[Secunia Advisory ID:16379](https://secuniaresearch.flexerasoftware.com/advisories/16379/)\n[Secunia Advisory ID:16535](https://secuniaresearch.flexerasoftware.com/advisories/16535/)\n[Related OSVDB ID: 18668](https://vulners.com/osvdb/OSVDB:18668)\nRedHat RHSA: RHSA-2005:627\nRedHat RHSA: RHSA-2005:589\nPacket 
Storm: http://packetstormsecurity.org/0508-advisories/glsa-200508-06.txt\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200508-06.xml\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050802-01-U.asc\nOther Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.407421\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-168-1\nOther Advisory URL: http://www.novell.com/linux/security/advisories/2005_19_sr.html\nOther Advisory URL: http://sourceforge.net/tracker/index.php?func=detail&aid=1235427&group_id=235&atid=100235\nOther Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:139\n[CVE-2005-2103](https://vulners.com/cve/CVE-2005-2103)\n", "published": "2005-08-10T09:38:45", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:18669", "cvelist": ["CVE-2005-2103"], "lastseen": "2017-04-28T13:20:15"}], "nessus": [{"id": "REDHAT-RHSA-2005-589.NASL", "type": "nessus", "title": "RHEL 2.1 : gaim (RHSA-2005:589)", "description": "An updated gaim package that fixes a buffer overflow security issue is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nGaim is an Internet Instant Messaging client.\n\nA heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ which could result in arbitrary code execution. 
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2103 to this issue.\n\nUsers of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to this issue.", "published": "2005-08-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19422", "cvelist": ["CVE-2005-2103"], "lastseen": "2017-10-29T13:38:22"}, {"id": "FREEBSD_PKG_6D1761D20B2311DABC080001020EED82.NASL", "type": "nessus", "title": "FreeBSD : gaim -- AIM/ICQ away message buffer overflow (6d1761d2-0b23-11da-bc08-0001020eed82)", "description": "The GAIM team reports :\n\nA remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings (such as %t or %n).", "published": "2006-05-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21447", "cvelist": ["CVE-2005-2103"], "lastseen": "2017-10-29T13:37:11"}, {"id": "GENTOO_GLSA-200508-06.NASL", "type": "nessus", "title": "GLSA-200508-06 : Gaim: Remote execution of arbitrary code", "description": "The remote host is affected by the vulnerability described in GLSA-200508-06 (Gaim: Remote execution of arbitrary code)\n\n Brandon Perry discovered that Gaim is vulnerable to a heap-based buffer overflow when handling away messages (CAN-2005-2103).\n Furthermore, Daniel Atallah discovered a vulnerability in the handling of file transfers (CAN-2005-2102).\n Impact :\n\n A remote attacker could create a specially crafted away message which, when viewed by the target user, could lead to the execution of arbitrary code. 
Also, an attacker could send a file with a non-UTF8 filename to a user, which would result in a Denial of Service.\n Workaround :\n\n There is no known workaround at this time.", "published": "2005-08-18T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19439", "cvelist": ["CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-10-29T13:44:28"}, {"id": "MANDRAKE_MDKSA-2005-139.NASL", "type": "nessus", "title": "Mandrake Linux Security Advisory : gaim (MDKSA-2005:139)", "description": "Yet more vulnerabilities have been discovered in the gaim IM client.\nInvalid characters in a sent file can cause Gaim to crash on some systems (CVE-2005-2102); a remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings (CVE-2005-2103); a memory alignment bug in the library used by Gaim to access the Gadu-Gadu network can result in a buffer overflow on non-x86 architecture systems (CVE-2005-2370).\n\nThese problems have been corrected in gaim 1.5.0 which is provided with this update.", "published": "2005-10-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19896", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-10-29T13:41:12"}, {"id": "UBUNTU_USN-168-1.NASL", "type": "nessus", "title": "Ubuntu 4.10 / 5.04 : gaim vulnerabilities (USN-168-1)", "description": "Daniel Atallah discovered a Denial of Service vulnerability in the file transfer handler of OSCAR (the module that handles various instant messaging protocols like ICQ). A remote attacker could crash the Gaim client of an user by attempting to send him a file with a name that contains invalid UTF-8 characters. 
(CAN-2005-2102)\n\nIt was found that specially crafted 'away' messages triggered a buffer overflow. A remote attacker could exploit this to crash the Gaim client or possibly even execute arbitrary code with the permissions of the Gaim user. (CAN-2005-2103)\n\nSzymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in the Gadu library, which was fixed in USN-162-1.\nHowever, it was discovered that Gaim contains a copy of the vulnerable code. By sending specially crafted messages over the Gadu protocol, a remote attacker could crash Gaim. (CAN-2005-2370).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2006-01-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=20574", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-10-29T13:36:19"}, {"id": "CENTOS_RHSA-2005-627.NASL", "type": "nessus", "title": "CentOS 3 / 4 : gaim (CESA-2005:627)", "description": "An updated gaim package that fixes multiple security issues is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nGaim is an Internet Messaging client.\n\nA heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2103 to this issue.\n\nDaniel Atallah discovered a denial of service issue in Gaim. 
A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ, causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2102 to this issue.\n\nA denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. Please note that this issue only affects PPC and IBM S/390 systems running Gaim.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2370 to this issue.\n\nUsers of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.", "published": "2006-07-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=21846", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-10-29T13:34:38"}, {"id": "SLACKWARE_SSA_2005-242-03.NASL", "type": "nessus", "title": "Slackware 10.0 / 10.1 / 9.0 / 9.1 / current : gaim (SSA:2005-242-03)", "description": "New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some security issues. 
including: AIM/ICQ away message buffer overflow AIM/ICQ non-UTF-8 filename crash Gadu-Gadu memory alignment bug Sites that use GAIM should upgrade to the new version.", "published": "2005-10-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19860", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-10-29T13:34:46"}, {"id": "REDHAT-RHSA-2005-627.NASL", "type": "nessus", "title": "RHEL 3 / 4 : gaim (RHSA-2005:627)", "description": "An updated gaim package that fixes multiple security issues is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nGaim is an Internet Messaging client.\n\nA heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2103 to this issue.\n\nDaniel Atallah discovered a denial of service issue in Gaim. A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ, causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2102 to this issue.\n\nA denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. 
Please note that this issue only affects PPC and IBM S/390 systems running Gaim.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2370 to this issue.\n\nUsers of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.", "published": "2005-08-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=19423", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-10-29T13:45:28"}], "centos": [{"id": "CESA-2005:589-01", "type": "centos", "title": "gaim security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:589-01\n\n\nGaim is an Internet Instant Messaging client.\r\n\r\nA heap based buffer overflow issue was discovered in the way Gaim processes\r\naway messages. A remote attacker could send a specially crafted away\r\nmessage to a Gaim user logged into AIM or ICQ which could result in\r\narbitrary code execution. 
The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.\r\n\r\nUsers of gaim are advised to upgrade to this updated package, which\r\ncontains backported patches and is not vulnerable to this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012030.html\n\n**Affected packages:**\ngaim\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2005-08-10T04:28:39", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-August/012030.html", "cvelist": ["CVE-2005-2103"], "lastseen": "2018-01-25T19:02:37"}, {"id": "CESA-2005:627", "type": "centos", "title": "gaim security update", "description": "**CentOS Errata and Security Advisory** CESA-2005:627\n\n\nGaim is an Internet Messaging client.\r\n\r\nA heap based buffer overflow issue was discovered in the way Gaim processes\r\naway messages. A remote attacker could send a specially crafted away\r\nmessage to a Gaim user logged into AIM or ICQ that could result in\r\narbitrary code execution. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.\r\n\r\nDaniel Atallah discovered a denial of service issue in Gaim. A remote\r\nattacker could attempt to upload a file with a specially crafted name to a\r\nuser logged into AIM or ICQ, causing Gaim to crash. The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-2102 to this issue.\r\n\r\nA denial of service bug was found in Gaim's Gadu Gadu protocol handler. A\r\nremote attacker could send a specially crafted message to a Gaim user\r\nlogged into Gadu Gadu, causing Gaim to crash. Please note that this issue\r\nonly affects PPC and IBM S/390 systems running Gaim. 
The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-2370 to this issue.\r\n\r\nUsers of gaim are advised to upgrade to this updated package, which\r\ncontains backported patches and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012035.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012036.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012047.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012048.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012049.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012050.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012051.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-August/012052.html\n\n**Affected packages:**\ngaim\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-627.html", "published": "2005-08-10T08:32:46", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2005-August/012035.html", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-10-03T18:25:28"}], "openvas": [{"id": "OPENVAS:55045", "type": "openvas", "title": "FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "published": "2008-09-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=55045", "cvelist": ["CVE-2005-2103"], "lastseen": "2017-07-02T21:10:27"}, {"id": "OPENVAS:55060", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200508-06 (Gaim)", "description": "The remote host is missing updates announced in\nadvisory 
GLSA 200508-06.", "published": "2008-09-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=55060", "cvelist": ["CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-07-24T12:50:24"}, {"id": "OPENVAS:55187", "type": "openvas", "title": "Slackware Advisory SSA:2005-242-03 gaim", "description": "The remote host is missing an update as announced\nvia advisory SSA:2005-242-03.", "published": "2012-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=55187", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2017-07-24T12:50:32"}, {"id": "OPENVAS:136141256231055187", "type": "openvas", "title": "Slackware Advisory SSA:2005-242-03 gaim", "description": "The remote host is missing an update as announced\nvia advisory SSA:2005-242-03.", "published": "2012-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231055187", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2018-04-06T11:16:53"}], "redhat": [{"id": "RHSA-2005:589", "type": "redhat", "title": "(RHSA-2005:589) gaim security update", "description": "Gaim is an Internet Instant Messaging client.\r\n\r\nA heap based buffer overflow issue was discovered in the way Gaim processes\r\naway messages. A remote attacker could send a specially crafted away\r\nmessage to a Gaim user logged into AIM or ICQ which could result in\r\narbitrary code execution. 
The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.\r\n\r\nUsers of gaim are advised to upgrade to this updated package, which\r\ncontains backported patches and is not vulnerable to this issue.", "published": "2005-08-09T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:589", "cvelist": ["CVE-2005-2103"], "lastseen": "2018-03-28T01:01:08"}, {"id": "RHSA-2005:627", "type": "redhat", "title": "(RHSA-2005:627) gaim security update", "description": "Gaim is an Internet Messaging client.\r\n\r\nA heap based buffer overflow issue was discovered in the way Gaim processes\r\naway messages. A remote attacker could send a specially crafted away\r\nmessage to a Gaim user logged into AIM or ICQ that could result in\r\narbitrary code execution. The Common Vulnerabilities and Exposures project\r\n(cve.mitre.org) has assigned the name CAN-2005-2103 to this issue.\r\n\r\nDaniel Atallah discovered a denial of service issue in Gaim. A remote\r\nattacker could attempt to upload a file with a specially crafted name to a\r\nuser logged into AIM or ICQ, causing Gaim to crash. The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-2102 to this issue.\r\n\r\nA denial of service bug was found in Gaim's Gadu Gadu protocol handler. A\r\nremote attacker could send a specially crafted message to a Gaim user\r\nlogged into Gadu Gadu, causing Gaim to crash. Please note that this issue\r\nonly affects PPC and IBM S/390 systems running Gaim. 
The Common\r\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\r\nCAN-2005-2370 to this issue.\r\n\r\nUsers of gaim are advised to upgrade to this updated package, which\r\ncontains backported patches and is not vulnerable to these issues.", "published": "2005-08-09T04:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2005:627", "cvelist": ["CVE-2005-2102", "CVE-2005-2103", "CVE-2005-2370"], "lastseen": "2017-09-09T07:20:12"}], "freebsd": [{"id": "6D1761D2-0B23-11DA-BC08-0001020EED82", "type": "freebsd", "title": "gaim -- AIM/ICQ away message buffer overflow", "description": "\nThe GAIM team reports:\n\nA remote AIM or ICQ user can cause a buffer overflow in\n\t Gaim by setting an away message containing many AIM\n\t substitution strings (such as %t or %n).\n\n", "published": "2005-08-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vuxml.freebsd.org/freebsd/6d1761d2-0b23-11da-bc08-0001020eed82.html", "cvelist": ["CVE-2005-2103"], "lastseen": "2016-09-26T17:25:12"}], "gentoo": [{"id": "GLSA-200508-06", "type": "gentoo", "title": "Gaim: Remote execution of arbitrary code", "description": "### Background\n\nGaim is a full featured instant messaging client which handles a variety of instant messaging protocols. \n\n### Description\n\nBrandon Perry discovered that Gaim is vulnerable to a heap-based buffer overflow when handling away messages (CAN-2005-2103). Furthermore, Daniel Atallah discovered a vulnerability in the handling of file transfers (CAN-2005-2102). \n\n### Impact\n\nA remote attacker could create a specially crafted away message which, when viewed by the target user, could lead to the execution of arbitrary code. Also, an attacker could send a file with a non-UTF8 filename to a user, which would result in a Denial of Service. 
\n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Gaim users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gaim-1.5.0\"", "published": "2005-08-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/200508-06", "cvelist": ["CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2016-09-06T19:46:17"}], "ubuntu": [{"id": "USN-168-1", "type": "ubuntu", "title": "Gaim vulnerabilities", "description": "Daniel Atallah discovered a Denial of Service vulnerability in the file transfer handler of OSCAR (the module that handles various instant messaging protocols like ICQ). A remote attacker could crash the Gaim client of an user by attempting to send him a file with a name that contains invalid UTF-8 characters. (CAN-2005-2102)\n\nIt was found that specially crafted \u201caway\u201d messages triggered a buffer overflow. A remote attacker could exploit this to crash the Gaim client or possibly even execute arbitrary code with the permissions of the Gaim user. (CAN-2005-2103)\n\nSzymon Zygmunt and Micha\u0142 Bartoszkiewicz discovered a memory alignment error in the Gadu library, which was fixed in USN-162-1. However, it was discovered that Gaim contains a copy of the vulnerable code. By sending specially crafted messages over the Gadu protocol, a remote attacker could crash Gaim. (CAN-2005-2370)", "published": "2005-08-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/168-1/", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2018-03-29T18:18:55"}], "slackware": [{"id": "SSA-2005-242-03", "type": "slackware", "title": "gaim", "description": "New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1,\nand -current to fix some security issues. 
including:\n\n AIM/ICQ away message buffer overflow\n AIM/ICQ non-UTF-8 filename crash\n Gadu-Gadu memory alignment bug\n\nSites that use GAIM should upgrade to the new version.\n\nMore details about these issues may be found in the Common\nVulnerabilities and Exposures (CVE) database:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370\n\n\nHere are the details from the Slackware 10.1 ChangeLog:\n\npatches/packages/gaim-1.5.0-i486-1.tgz: Upgraded to gaim-1.5.0.\n This fixes some more security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370\n (* Security fix *)\n\nWhere to find the new packages:\n\nUpdated package for Slackware 9.0:\nftp://ftp.slackware.com/pub/slackware/slackware-9.0/patches/packages/gaim-1.5.0-i386-1.tgz\n\nUpdated package for Slackware 9.1:\nftp://ftp.slackware.com/pub/slackware/slackware-9.1/patches/packages/gaim-1.5.0-i486-1.tgz\n\nUpdated package for Slackware 10.0:\nftp://ftp.slackware.com/pub/slackware/slackware-10.0/patches/packages/gaim-1.5.0-i486-1.tgz\n\nUpdated package for Slackware 10.1:\nftp://ftp.slackware.com/pub/slackware/slackware-10.1/patches/packages/gaim-1.5.0-i486-1.tgz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-1.5.0-i486-1.tgz\n\n\nMD5 signatures:\n\nSlackware 9.0 package:\n676bad766cfddb50c7453554d66b1748 gaim-1.5.0-i386-1.tgz\n\nSlackware 9.1 package:\nd2cc0baba627ba9dbf3f218bdeacc630 gaim-1.5.0-i486-1.tgz\n\nSlackware 10.0 package:\n98d55471ed0a2f9def7fcded90860839 gaim-1.5.0-i486-1.tgz\n\nSlackware 10.1 package:\nbc6891f4acb22530c472218f5d9493fb gaim-1.5.0-i486-1.tgz\n\nSlackware -current package:\nb9a55d4359183b81e1150bea6e13b61e 
gaim-1.5.0-i486-1.tgz\n\n\nInstallation instructions:\n\nUpgrade the package as root:\n > upgradepkg gaim-1.5.0-i486-1.tgz", "published": "2005-08-30T15:54:29", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.407421", "cvelist": ["CVE-2005-2370", "CVE-2005-2103", "CVE-2005-2102"], "lastseen": "2018-02-02T18:11:30"}, {"id": "SSA-2005-251-03", "type": "slackware", "title": "slackware-current security updates", "description": "This advisory summarizes recent security fixes in Slackware -current.\n\nUsually security advisories are not issued on problems that exist only\nwithin the test version of Slackware (slackware-current), but since it's\nso close to being released as Slackware 10.2, and since there have been\nseveral -current-only issues recently, it has been decided that it would\nbe a good idea to release a summary of all of the security fixes in\nSlackware -current for the last 2 weeks. Some of these are -current only,\nand some affect other versions of Slackware (and advisories for these\nhave already been issued).\n\n\nHere are the details from the Slackware -current ChangeLog:\n\nap/groff-1.19.1-i486-3.tgz: Fixed a /tmp bug in groffer. Groffer is a\n script to display formatted output on the console or X, and is not normally\n used in other scripts (for printers, etc) like most groff components are.\n The risk from this bug is probably quite low. The fix was pulled from the\n just-released groff-1.19.2. 
With Slackware 10.2 just around the corner it\n didn't seem prudent to upgrade to that -- the diff from 1.19.1 to 1.19.2\n is over a megabyte compressed.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0969\n (* Security fix *)\n\nkde/kdebase-3.4.2-i486-2.tgz: Patched a bug in Konqueror's handling of\n characters such as '*', '[', and '?'.\n Generated new kdm config files.\n Added /opt/kde/man to $MANPATH.\n Patched a security bug in kcheckpass that could allow a local user to\n gain root privileges.\n For more information, see:\n http://www.kde.org/info/security/advisory-20050905-1.txt\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2494\n (* Security fix *)\n\nn/mod_ssl-2.8.24_1.3.33-i486-1.tgz: Upgraded to mod_ssl-2.8.24-1.3.33.\n From the CHANGES file:\n Fix a security issue (CAN-2005-2700) where "SSLVerifyClient require" was\n not enforced in per-location context if "SSLVerifyClient optional" was\n configured in the global virtual host configuration.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2700\n (* Security fix *)\n\nn/openssh-4.2p1-i486-1.tgz: Upgraded to openssh-4.2p1.\n From the OpenSSH 4.2 release announcement:\n SECURITY: Fix a bug introduced in OpenSSH 4.0 that caused\n GatewayPorts to be incorrectly activated for dynamic ("-D") port\n forwardings when no listen address was explicitly specified.\n (* Security fix *)\n\nkde/kdeedu-3.4.2-i486-2.tgz: Fixed a minor /tmp bug in kvoctrain.\n (* Security fix *)\n\nn/php-4.4.0-i486-3.tgz: Relinked with the system PCRE library, as the builtin\n library has a buffer overflow that could be triggered by the processing of a\n specially crafted regular expression.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491\n (* Security fix *)\n Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the\n insecure eval() function.\n For more information, see:\n 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498\n (* Security fix *)\n\nxap/gaim-1.5.0-i486-1.tgz: Upgraded to gaim-1.5.0.\n This fixes some more security issues.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2370\n (* Security fix *)\n\ntesting/packages/php-5.0.4/php-5.0.4-i486-3.tgz: Relinked with the\n system PCRE library, as the builtin library has a buffer overflow\n that could be triggered by the processing of a specially crafted\n regular expression.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2491\n (* Security fix *)\n Upgraded PEAR::XMLRPC to version 1.4.0, which eliminates the use of the\n insecure eval() function.\n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2498\n (* Security fix *)\n Recompiled with support for mbstring, cURL, and XSLT.\n Thanks to Den (aka Diesel) for suggesting XSLT.\n\nWhere to find the new packages:\n\nAll of these packages are available in the slackware-current directory\non ftp.slackware.com:\n\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/ap/groff-1.19.1-i486-3.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdebase-3.4.2-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/mod_ssl-2.8.24_1.3.33-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/openssh-4.2p1-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/kde/kdeedu-3.4.2-i486-2.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-4.4.0-i486-3.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/gaim-1.5.0-i486-1.tgz\nftp://ftp.slackware.com/pub/slackware/slackware-current/testing/packages/php-5.0.4/php-5.0.4-i486-3.tgz\n\nA .asc file is provided 
next to each package. This can be used along\nwith 'gpg --verify' to verify the integrity of the packages.", "published": "2005-09-08T15:55:02", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.651553", "cvelist": ["CVE-2005-2700", "CVE-2005-2498", "CVE-2005-2494", "CVE-2005-2370", "CVE-2005-2103", "CVE-2004-0969", "CVE-2005-2491", "CVE-2005-2102"], "lastseen": "2018-02-02T18:11:38"}]}}