Gaim Extract Info Field Function Buffer Overflow

2004-01-27T02:50:42
ID OSVDB:3733
Type osvdb
Reporter e-matters()
Modified 2004-01-27T02:50:42

Description

Vulnerability Description

A remote overflow exists in Gaim. The Extract Info Field Function combines data from two tokens into a fixed-length stack buffer without properly checking the size of the resulting string, which leads to a buffer overflow. With a specially crafted set of data, an attacker can overflow the buffer and possibly execute arbitrary code on the system, resulting in a loss of integrity.
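The unchecked pattern described above, shown beside a length-checked form. This is an added example, not Gaim's code or the e-matters patch; the function names and the 32-byte buffer size are assumptions for illustration, and the sample tokens are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_BUF 32  /* assumed size; the real buffer length is not on the page */

/* Unchecked pattern: two tokens combined in a fixed-length stack buffer,
 * with no test of the resulting length. Safe only for short input. */
size_t join_unchecked(const char *t1, const char *t2)
{
    char buf[FIELD_BUF];
    strcpy(buf, t1);   /* writes past buf when t1 alone is too long */
    strcat(buf, t2);   /* writes past buf when t1 + t2 is too long */
    return strlen(buf);
}

/* Checked form: returns 0 and fills out, or -1 if the result cannot fit. */
int join_checked(const char *t1, const char *t2, char *out, size_t outsz)
{
    size_t n1, n2;
    if (t1 == NULL || t2 == NULL || out == NULL || outsz == 0)
        return -1;
    n1 = strlen(t1);
    n2 = strlen(t2);
    /* Need n1 + n2 + 1 <= outsz; subtract instead of add so it cannot wrap. */
    if (n1 >= outsz || n2 >= outsz - n1) {
        out[0] = '\0';
        return -1;     /* reject rather than silently truncate */
    }
    memcpy(out, t1, n1);
    memcpy(out + n1, t2, n2 + 1);   /* + 1 copies the terminating NUL */
    return 0;
}

int main(void)
{
    char buf[FIELD_BUF];
    char big[FIELD_BUF];            /* constructed oversized token */
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short: %d\n", join_checked("name=", "value", buf, sizeof buf));
    printf("long:  %d\n", join_checked(big, "value", buf, sizeof buf));
    return 0;
}
```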

Solution Description

Upgrade to version 0.76 or higher, as it has been reported to fix this vulnerability. The FreeBSD security team has released an unofficial patch which also corrects this vulnerability.

References:

Vendor Specific Advisory URL
Secunia Advisory ID: 10705
Related OSVDB ID: 3731
Related OSVDB ID: 3730
Related OSVDB ID: 3732
Other Solution URL: http://security.e-matters.de/patches/gaim-0.75-fix.diff
Other Advisory URL: http://security.e-matters.de/advisories/012004.html
ISS X-Force ID: 14946
CVE-2004-0007