Gaim Jabber Malformed File Transfer Request DoS

2005-04-04T04:02:49
ID OSVDB:15278
Type osvdb
Reporter OSVDB
Modified 2005-04-04T04:02:49

Description

Vulnerability Description

Gaim contains a flaw that may allow a remote denial of service. The issue is triggered when requesting a malformed file transfer via the Jabber protocol, which causes the application to crash resulting in a loss of availability.

Solution Description

Upgrade to version 1.2.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Gaim contains a flaw that may allow a remote denial of service. The issue is triggered when requesting a malformed file transfer via the Jabber protocol, which causes the application to crash resulting in a loss of availability.

References:

Vendor URL: http://gaim.sourceforge.net/ Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1013645 Secunia Advisory ID:14815 Secunia Advisory ID:14952 Secunia Advisory ID:15059 Secunia Advisory ID:16050 Secunia Advisory ID:15364 Secunia Advisory ID:14947 Related OSVDB ID: 15277 Related OSVDB ID: 15276 Other Advisory URL: http://rhn.redhat.com/errata/RHSA-2005-365.html Other Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.358635 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200504-05.xml Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:071 Other Advisory URL: http://www.slackware.org/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.363712 CVE-2005-0967