Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-434
HistoryFeb 05, 2004 - 12:00 a.m.

gaim - several vulnerabilities

2004-02-0500:00:00
Google
osv.dev
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Stefan Esser discovered several security related problems in Gaim, a
multi-protocol instant messaging client. Not all of them are
applicable for the version in Debian stable, but affected the version
in the unstable distribution at least. The problems were grouped for
the Common Vulnerabilities and Exposures as follows:

  • CAN-2004-0005
    When the Yahoo Messenger handler decodes an octal value for email
    notification functions two different kinds of overflows can be
    triggered. When the MIME decoder decoded a quoted printable
    encoded string for email notification two other different kinds of
    overflows can be triggered. These problems only affect the
    version in the unstable distribution.

  • CAN-2004-0006
    When parsing the cookies within the HTTP reply header of a Yahoo
    web connection a buffer overflow can happen. When parsing the
    Yahoo Login Webpage the YMSG protocol overflows stack buffers if
    the web page returns oversized values. When splitting a URL into
    its parts a stack overflow can be caused. These problems only
    affect the version in the unstable distribution.

When an oversized keyname is read from a Yahoo Messenger packet a
stack overflow can be triggered. When Gaim is setup to use an HTTP
proxy for connecting to the server a malicious HTTP proxy can
exploit it. These problems affect all versions Debian ships.
However, the connection to Yahoo doesn’t work in the version in
Debian stable.

  • CAN-2004-0007
    Internally data is copied between two tokens into a fixed size
    stack buffer without a size check. This only affects the version
    of gaim in the unstable distribution.

  • CAN-2004-0008
    When allocating memory for AIM/Oscar DirectIM packets an integer
    overflow can happen, resulting in a heap overflow. This only
    affects the version of gaim in the unstable distribution.

For the stable distribution (woody) these problems has been fixed in
version 0.58-2.4.

For the unstable distribution (sid) these problems has been fixed in
version 0.75-2.

We recommend that you upgrade your gaim packages.

Related

openvas 6
debian 2
nessus 6
securityvulns 1
freebsd 1
suse 1
redhat 2
cert 12
cve 4
ubuntucve 1
openvas
openvas
Debian: Security Advisory (DSA-434)
2008-01-17 00:00:00
Debian Security Advisory DSA 434-1 (gaim)
2008-01-17 00:00:00
Gentoo Security Advisory GLSA 200401-04 (GAIM)
2008-09-24 00:00:00
debian
debian
[SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities
2004-02-05 14:06:18
[SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities
2004-02-05 14:06:18
nessus
nessus
Debian DSA-434-1 : gaim - several vulnerabilities
2004-09-29 00:00:00
FreeBSD : Several remotely exploitable buffer overflows in gaim (6fd02439-5d70-11d8-80e3-0020ed76ef5a)
2009-04-23 00:00:00
FreeBSD : Several remotely exploitable buffer overflows in gaim (52)
2004-07-06 00:00:00
securityvulns
securityvulns
Advisory 01/2004: 12 x Gaim remote overflows
2004-01-26 00:00:00
freebsd
freebsd
Several remotely exploitable buffer overflows in gaim
2004-01-26 00:00:00
suse
suse
remote system compromise in gaim
2004-01-29 12:56:32
redhat
redhat
(RHSA-2004:033) gaim security update
2004-01-26 00:00:00
(RHSA-2004:045) gaim security update
2004-02-09 00:00:00
cert
cert
Gaim contains a buffer overflow vulnerability in the Extract Info Field function
2004-05-10 00:00:00
Gaim contains a buffer overflow vulnerability in the gaim_quotedp_decode() function
2004-04-30 00:00:00
Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function
2004-05-06 00:00:00
cve
cve
CVE-2004-0005
2004-03-03 05:00:00
CVE-2004-0006
2004-03-03 05:00:00
CVE-2004-0007
2004-03-03 05:00:00
ubuntucve
ubuntucve
CVE-2004-0006
2004-03-03 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON
Related for OSV:DSA-434
openvas6debian2nessus6securityvulns1freebsd1suse1redhat2cert12cve4ubuntucve1