The Gaim team discovered denial-of-service vulnerabilities in the MSN protocol handler:
After accepting a file transfer request, Gaim attempts to allocate a buffer equal in size to the entire file; this allocation attempt causes Gaim to crash if the size exceeds the amount of available memory.
Gaim allocates a buffer for the payload of each received message based on the size field in the message header. A malicious peer could specify an invalid size that exceeds the amount of available memory, resulting in a denial of service.
{"id": "FREEBSD_PKG_F2D6A5E126B911D99289000C41E2CDAD.NASL", "type": "nessus", "bulletinFamily": "scanner", "title": "FreeBSD : gaim -- MSN denial-of-service vulnerabilities (f2d6a5e1-26b9-11d9-9289-000c41e2cdad)", "description": "The Gaim team discovered denial-of-service vulnerabilities in the MSN protocol handler :\n\nAfter accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize, this allocation attempt will cause Gaim to crash if the size exceeds the amount of available memory.\n\nGaim allocates a buffer for the payload of each message received based on the size field in the header of the message. A malicious peer could specify an invalid size that exceeds the amount of available memory.", "published": "2005-07-13T00:00:00", "modified": "2021-01-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/19168", "reporter": "This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://www.pidgin.im/news/security/?id=7", "http://www.pidgin.im/news/security/?id=8", "http://www.nessus.org/u?1fefcd77"], "cvelist": [], "immutableFields": [], "lastseen": "2021-08-19T13:16:59", "viewCount": 6, "enchantments": {"dependencies": {}, "score": {"value": -0.2, "vector": "NONE"}, "backreferences": {"references": [{"type": "freebsd", "idList": ["F2D6A5E1-26B9-11D9-9289-000C41E2CDAD"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310107444"]}]}, "exploitation": null, "vulnersScore": -0.2}, "pluginID": "19168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(19168);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_name(english:\"FreeBSD : gaim -- MSN denial-of-service vulnerabilities (f2d6a5e1-26b9-11d9-9289-000c41e2cdad)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Gaim team discovered denial-of-service vulnerabilities in the MSN\nprotocol handler :\n\nAfter accepting a file transfer request, Gaim will attempt to allocate\na buffer of a size equal to the entire filesize, this allocation\nattempt will cause Gaim to crash if the size exceeds the amount of\navailable memory.\n\nGaim allocates a buffer for the payload of each message received based\non the size field in the header of the message. 
A malicious peer could\nspecify an invalid size that exceeds the amount of available memory.\"\n );\n # http://gaim.sourceforge.net/security/?id=7\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/news/security/?id=7\"\n );\n # http://gaim.sourceforge.net/security/?id=8\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/news/security/?id=8\"\n );\n # https://vuxml.freebsd.org/freebsd/f2d6a5e1-26b9-11d9-9289-000c41e2cdad.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?1fefcd77\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ko-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/10/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gaim<1.0.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-gaim<1.0.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ko-gaim<1.0.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-gaim<1.0.2\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"gaim>20030000\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "FreeBSD Local Security Checks", "cpe": ["p-cpe:/a:freebsd:freebsd:gaim", "p-cpe:/a:freebsd:freebsd:gaim", "p-cpe:/a:freebsd:freebsd:ja-gaim", "p-cpe:/a:freebsd:freebsd:ko-gaim", "p-cpe:/a:freebsd:freebsd:ru-gaim", "cpe:/o:freebsd:freebsd"], "solution": "Update the affected packages.", "nessusSeverity": "High", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": "2004-10-25T00:00:00", "vulnerabilityPublicationDate": "2004-10-19T00:00:00", "exploitableWith": [], "_state": {"dependencies": 1647589307, "score": 1659693657}, "vendor_cvss2": {}, "vendor_cvss3": {}}