Gaim Local Hostname Resolution Overflow

2004-08-26T03:34:05
ID OSVDB:9262
Type osvdb
Reporter OSVDB
Modified 2004-08-26T03:34:05

Description

Vulnerability Description

A remote overflow exists in Gaim. Gaim fails to check the length of the destination buffer when receiving a reply to a DNS lookup of the local host name, resulting in a buffer overflow. With a specially crafted request, an attacker can compromise the system, resulting in a loss of integrity.

Technical Description

If the local computer's host name is not in /etc/hosts, and the computer performs a DNS query to obtain its hostname when signing on to zephyr, it could receive a reply with a hostname greater than MAXHOSTNAMELEN (generally 64 bytes). If gethostbyname() does not ensure the size of hostent->h_name is less than MAXHOSTNAMELEN, this value would be copied to a buffer that is not large enough.
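The length check whose absence is described above, as an added example (not Gaim's code and not the vendor's patch). `copy_hostname` and `try_name_of_length` are hypothetical names, and the `hostent` is constructed in memory rather than obtained from a resolver.

```c
#include <netdb.h>      /* struct hostent */
#include <stdio.h>
#include <string.h>
#include <sys/param.h>  /* MAXHOSTNAMELEN on most Unix systems */

#ifndef MAXHOSTNAMELEN
#define MAXHOSTNAMELEN 64
#endif

/* Unsafe pattern the advisory describes (shown only, never compiled in):
 *     char name[MAXHOSTNAMELEN];
 *     strcpy(name, hp->h_name);    // length is set by the DNS reply
 */

/* Hardened copy (hypothetical helper). Returns 0 on success, -1 if the name
 * is missing or does not fit in dst together with its NUL. Over-long names
 * are rejected, not truncated, so a partial name is never used later. */
int copy_hostname(char *dst, size_t dstlen, const struct hostent *hp)
{
    const char *end;
    if (dst == NULL || dstlen == 0) return -1;
    dst[0] = '\0';
    if (hp == NULL || hp->h_name == NULL) return -1;
    /* Scan no further than dst can hold; no NUL in range means too long. */
    end = memchr(hp->h_name, '\0', dstlen);
    if (end == NULL) return -1;
    memcpy(dst, hp->h_name, (size_t)(end - hp->h_name) + 1);
    return 0;
}

/* Constructed input: a hostent whose h_name is `len` bytes long, standing in
 * for a resolver reply, copied into a MAXHOSTNAMELEN-sized buffer. */
int try_name_of_length(size_t len)
{
    static char reply[1024];
    char local[MAXHOSTNAMELEN];
    struct hostent he;
    if (len >= sizeof reply) return -1;
    memset(reply, 'a', len);
    reply[len] = '\0';
    memset(&he, 0, sizeof he);
    he.h_name = reply;
    return copy_hostname(local, sizeof local, &he);
}

int main(void)
{
    printf("fits: %d, too long: %d\n", try_name_of_length(MAXHOSTNAMELEN - 1),
           try_name_of_length(MAXHOSTNAMELEN + 200));
    return 0;
}
```

Rejecting the name outright, instead of truncating it, keeps a partial host name from being used later in the sign-on.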

Solution Description

Upgrade to version 0.82 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://gaim.sourceforge.net/security/index.php?id=4
Vendor URL: http://gaim.sourceforge.net/
Vendor Specific Advisory URL
Security Tracker: 1011083
Secunia Advisory ID: 13101
Secunia Advisory ID: 12382
Secunia Advisory ID: 12383
Related OSVDB ID: 9263
Related OSVDB ID: 9261
RedHat RHSA: RHSA-2004:400-15
Other Advisory URL: http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.375602
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000884
Nessus Plugin ID: 14374
Nessus Plugin ID: 14373
CVE-2004-0785