ID CVE-2004-0005
Summary Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
References
Vulnerable Configurations
  • cpe:2.3:a:rob_flynn:gaim:0.75
CVSS
Base: 7.5 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_GAIM_076.NASL
    description The following package needs to be updated: gaim
    last seen 2016-09-26
    modified 2004-07-06
    plugin id 12543
    published 2004-07-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=12543
    title FreeBSD : Several remotely exploitable buffer overflows in gaim (52)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-434.NASL
    description Stefan Esser discovered several security related problems in Gaim, a multi-protocol instant messaging client. Not all of them are applicable for the version in Debian stable, but affected the version in the unstable distribution at least. The problems were grouped for the Common Vulnerabilities and Exposures as follows:
    - CAN-2004-0005 When the Yahoo Messenger handler decodes an octal value for email notification functions, two different kinds of overflows can be triggered. When the MIME decoder decoded a quoted printable encoded string for email notification, two other different kinds of overflows can be triggered. These problems only affect the version in the unstable distribution.
    - CAN-2004-0006 When parsing the cookies within the HTTP reply header of a Yahoo web connection, a buffer overflow can happen. When parsing the Yahoo Login Webpage, the YMSG protocol overflows stack buffers if the web page returns oversized values. When splitting a URL into its parts, a stack overflow can be caused. These problems only affect the version in the unstable distribution. When an oversized keyname is read from a Yahoo Messenger packet, a stack overflow can be triggered. When Gaim is set up to use an HTTP proxy for connecting to the server, a malicious HTTP proxy can exploit it. These problems affect all versions Debian ships. However, the connection to Yahoo doesn't work in the version in Debian stable.
    - CAN-2004-0007 Internally, data is copied between two tokens into a fixed size stack buffer without a size check. This only affects the version of gaim in the unstable distribution.
    - CAN-2004-0008 When allocating memory for AIM/Oscar DirectIM packets, an integer overflow can happen, resulting in a heap overflow. This only affects the version of gaim in the unstable distribution.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 15271
    published 2004-09-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15271
    title Debian DSA-434-1 : gaim - several vulnerabilities
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_6FD024395D7011D880E30020ED76EF5A.NASL
    description Stefan Esser of e-matters found almost a dozen remotely exploitable vulnerabilities in Gaim. From the e-matters advisory:
    While developing a custom add-on, an integer overflow in the handling of AIM DirectIM packets was revealed that could lead to a remote compromise of the IM client. After disclosing this bug to the vendor, they had to make a hurried release because of a change in the Yahoo connection procedure that rendered GAIM useless. Unfortunately, at the same time a closer look at the source code revealed 11 more vulnerabilities.
    The 12 identified problems range from simple standard stack overflows, over heap overflows, to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging, many of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement, and MIM attacks on ordinary TCP sessions are a fairly simple task. In combination with the latest kernel vulnerabilities or the habit of users to work as root/administrator, these bugs can result in remote root compromises.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 37025
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37025
    title FreeBSD : Several remotely exploitable buffer overflows in gaim (6fd02439-5d70-11d8-80e3-0020ed76ef5a)
refmap via4
bugtraq 20040126 Advisory 01/2004: 12 x Gaim remote overflows
cert-vn
  • VU#190366
  • VU#226974
  • VU#404470
  • VU#655974
conectiva CLA-2004:813
debian DSA-434
fulldisc 20040126 Advisory 01/2004: 12 x Gaim remote overflows
gentoo GLSA-200401-04
misc http://security.e-matters.de/advisories/012004.html
osvdb 3736
sectrack 1008850
slackware SSA:2004-026
suse SuSE-SA:2004:004
xf
  • gaim-mime-decoder-bo(14942)
  • gaim-mime-decoder-oob(14944)
  • gaim-sscanf-oob(14938)
  • gaim-yahoodecode-offbyone-bo(14935)
Last major update 19-12-2016 - 21:59
Published 03-03-2004 - 00:00
Last modified 10-07-2017 - 21:29