Gaim Away Message Processing Remote Overflow

2005-08-10T09:38:45
ID OSVDB:18669
Type osvdb
Reporter Brandon Perry
Modified 2005-08-10T09:38:45

Description

Vulnerability Description

A remote overflow exists in gaim. The program fails to validate away messages, resulting in a buffer overflow. With a specially crafted away message, an attacker can cause arbitrary code execution, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Advisory URL
Security Tracker: 1014649
Secunia Advisory ID: 16384
Secunia Advisory ID: 16437
Secunia Advisory ID: 16387
Secunia Advisory ID: 16423
Secunia Advisory ID: 16436
Secunia Advisory ID: 16442
Secunia Advisory ID: 16483
Secunia Advisory ID: 16637
Secunia Advisory ID: 16379
Secunia Advisory ID: 16535
Related OSVDB ID: 18668
RedHat RHSA: RHSA-2005:627
RedHat RHSA: RHSA-2005:589
Packet Storm: http://packetstormsecurity.org/0508-advisories/glsa-200508-06.txt
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200508-06.xml
Other Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20050802-01-U.asc
Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.407421
Other Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-168-1
Other Advisory URL: http://www.novell.com/linux/security/advisories/2005_19_sr.html
Other Advisory URL: http://sourceforge.net/tracker/index.php?func=detail&aid=1235427&group_id=235&atid=100235
Other Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:139
CVE-2005-2103