Yahoo! Messenger Long Message Overflow

2002-02-21T00:00:00
ID OSVDB:6866
Type osvdb
Reporter OSVDB
Modified 2002-02-21T00:00:00

Description

Vulnerability Description

A remote overflow exists in Yahoo Messenger. Yahoo Messenger fails to validate the length of the message field of the Yahoo protocol, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the victim's Messenger client to crash, resulting in a loss of availability.

Solution Description

Upgrade to version 5.0 Build 1065 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://messenger.yahoo.com
Related OSVDB ID: 6867
Related OSVDB ID: 6868
Related OSVDB ID: 6869
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0246.html
ISS X-Force ID: 8265
CVE-2002-0320
CERT VU: 419419
CERT: CA-2002-16
Bugtraq ID: 4163