Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200408-27
HistoryAug 27, 2004 - 12:00 a.m.

Gaim: New vulnerabilities

2004-08-2700:00:00
Gentoo Foundation
security.gentoo.org
17

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.078 Low

EPSS

Percentile

94.2%

JSON

Background

Gaim is a multi-protocol instant messaging client for Linux which supports many instant messaging protocols.

Description

Gaim fails to do proper bounds checking when:

  • Handling MSN messages (partially fixed with GLSA 200408-12).
  • Handling rich text format messages.
  • Resolving local hostname.
  • Receiving long URLs.
  • Handling groupware messages.
  • Allocating memory for webpages with fake content-length header.

Furthermore Gaim fails to escape filenames when using drag and drop installation of smiley themes.

Impact

These vulnerabilities could allow an attacker to crash Gaim or execute arbitrary code or commands with the permissions of the user running Gaim.

Workaround

There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Gaim.

Resolution

All gaim users should upgrade to the latest version:

 # emerge sync
 
 # emerge -pv ">=net-im/gaim-0.81-r5"
 # emerge ">=net-im/gaim-0.81-r5"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-im/gaim< 0.81-r5UNKNOWN

Related

openvas 16
nessus 13
slackware 1
redhat 1
cve 4
ubuntucve 3
freebsd 4
gentoo 1
suse 6
securityvulns 1
openvas
openvas
Gentoo Security Advisory GLSA 200408-27 (Gaim)
2008-09-24 00:00:00
Slackware: Security Advisory (SSA:2004-239-01)
2012-09-10 00:00:00
Slackware Advisory SSA:2004-239-01 gaim
2012-09-11 00:00:00
nessus
nessus
RHEL 3 : gaim (RHSA-2004:400)
2004-09-09 00:00:00
GLSA-200408-27 : Gaim: New vulnerabilities
2004-08-30 00:00:00
Fedora Core 1 : gaim-0.82-0.FC1 (2004-278)
2004-08-26 00:00:00
slackware
slackware
[slackware-security] gaim
2004-08-27 02:48:11
redhat
redhat
(RHSA-2004:400) gaim security update
2004-09-07 00:00:00
cve
cve
CVE-2004-0785
2004-10-20 04:00:00
CVE-2004-0784
2004-10-20 04:00:00
CVE-2004-0500
2004-09-28 04:00:00
ubuntucve
ubuntucve
CVE-2004-0500
2004-09-28 00:00:00
CVE-2004-0785
2004-10-20 00:00:00
CVE-2004-0754
2004-10-20 00:00:00
freebsd
freebsd
gaim remotely exploitable vulnerabilities in MSN component
2004-08-12 00:00:00
gaim -- malicious smiley themes
2004-08-22 00:00:00
gaim -- multiple buffer overflows
2004-08-26 00:00:00
gentoo
gentoo
Gaim: MSN protocol parsing function buffer overflow
2004-08-12 00:00:00
suse
suse
local privilege escalation in kernel
2004-08-09 08:40:13
remote code execution in gtk2, gdk-pixbuf
2004-09-17 10:02:50
remote code execution in gaim
2004-08-12 12:23:20
securityvulns
securityvulns
[Full-Disclosure] SUSE Security Announcement: gaim &#40;SUSE-SA:2004:025&#41;
2004-08-12 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.078 Low

EPSS

Percentile

94.2%

JSON
Related for GLSA-200408-27
openvas16nessus13slackware1redhat1cve4ubuntucve3freebsd4gentoo1suse6securityvulns1