Gaim URL Parser Function Overflow

2004-01-27T02:50:42
ID OSVDB:3731
Type osvdb
Reporter e-matters()
Modified 2004-01-27T02:50:42

Description

Vulnerability Description

A remote overflow exists in Gaim. The URL parser function splits a URL into its parts using temporary fixed-size stack buffers in an unsafe way, resulting in a buffer overflow. With a specially crafted set of data, an attacker can overflow the buffer and possibly execute arbitrary code on the system, resulting in a loss of integrity.

Note that it is only possible to overwrite the buffers with a limited character set, which makes exploitation difficult.
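
For contrast with the flaw described above, here is a length-checked URL splitter, added as an illustration and not taken from Gaim or from the patch referenced below. The names split_url, copy_bounded and url_parts and the buffer sizes are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

#define HOST_CAP 256  /* assumed sizes for this example */
#define PATH_CAP 512
struct url_parts { char host[HOST_CAP]; int port; char path[PATH_CAP]; };

/* Generic form of the unsafe pattern (illustrative, not Gaim's source):
 *   char host[256]; strcpy(host, component_of_unknown_length);        */

/* Copy len bytes into dst[cap]; fail rather than truncate or overflow. */
static int copy_bounded(char *dst, size_t cap, const char *src, size_t len) {
    if (len >= cap) return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Split "http://host[:port][/path]". Returns 0, or -1 on bad/over-long input. */
int split_url(const char *url, struct url_parts *out) {
    static const char scheme[] = "http://";
    if (strncmp(url, scheme, sizeof scheme - 1) != 0) return -1;
    const char *host = url + sizeof scheme - 1;
    size_t hlen = strcspn(host, ":/");
    if (hlen == 0 || copy_bounded(out->host, sizeof out->host, host, hlen)) return -1;
    const char *p = host + hlen;
    out->port = 80;
    if (*p == ':') {
        long port = 0; int digits = 0;
        for (p++; *p >= '0' && *p <= '9'; p++, digits++) {
            port = port * 10 + (*p - '0');
            if (port > 65535) return -1;
        }
        if (digits == 0 || port == 0) return -1;
        out->port = (int)port;
    }
    if (*p == '\0') return copy_bounded(out->path, sizeof out->path, "/", 1);
    if (*p != '/') return -1;
    return copy_bounded(out->path, sizeof out->path, p, strlen(p));
}

int main(void) {
    struct url_parts u;
    if (split_url("http://example.org:8080/index.html", &u) == 0)
        printf("%s %d %s\n", u.host, u.port, u.path);
    return 0;
}
```

Every component length is checked against its destination before the copy, so an over-long host or path is rejected instead of spilling past the stack buffer.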

Solution Description

Upgrade to version 0.76 when available. The FreeBSD security team has released an unofficial patch which also corrects this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 10705
Related OSVDB ID: 3730
Other Solution URL: http://security.e-matters.de/patches/gaim-0.75-fix.diff
Other Advisory URL: http://security.e-matters.de/advisories/012004.html
ISS X-Force ID: 14945
CVE-2004-0006