gaim remotely exploitable vulnerabilities in MSN component

ID 5B8F9A02-EC93-11D8-B913-000C41E2CDAD
Type freebsd
Reporter FreeBSD
Modified 2004-10-25T00:00:00


Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim.

In two places in the MSN protocol plugins (object.c and slp.c), strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN's MSNSLP protocol, which is peer-to-peer, so this could potentially be easy to exploit.