ID CVE-2004-0891
Summary Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Vulnerable Configurations
  • cpe:2.3:a:rob_flynn:gaim:0.10
  • cpe:2.3:a:rob_flynn:gaim:0.10.3
  • cpe:2.3:a:rob_flynn:gaim:0.50
  • cpe:2.3:a:rob_flynn:gaim:0.51
  • cpe:2.3:a:rob_flynn:gaim:0.52
  • cpe:2.3:a:rob_flynn:gaim:0.53
  • cpe:2.3:a:rob_flynn:gaim:0.54
  • cpe:2.3:a:rob_flynn:gaim:0.55
  • cpe:2.3:a:rob_flynn:gaim:0.56
  • cpe:2.3:a:rob_flynn:gaim:0.57
  • cpe:2.3:a:rob_flynn:gaim:0.58
  • cpe:2.3:a:rob_flynn:gaim:0.59
  • cpe:2.3:a:rob_flynn:gaim:0.59.1
  • cpe:2.3:a:rob_flynn:gaim:0.60
  • cpe:2.3:a:rob_flynn:gaim:0.61
  • cpe:2.3:a:rob_flynn:gaim:0.62
  • cpe:2.3:a:rob_flynn:gaim:0.63
  • cpe:2.3:a:rob_flynn:gaim:0.64
  • cpe:2.3:a:rob_flynn:gaim:0.65
  • cpe:2.3:a:rob_flynn:gaim:0.66
  • cpe:2.3:a:rob_flynn:gaim:0.67
  • cpe:2.3:a:rob_flynn:gaim:0.68
  • cpe:2.3:a:rob_flynn:gaim:0.69
  • cpe:2.3:a:rob_flynn:gaim:0.70
  • cpe:2.3:a:rob_flynn:gaim:0.71
  • cpe:2.3:a:rob_flynn:gaim:0.72
  • cpe:2.3:a:rob_flynn:gaim:0.73
  • cpe:2.3:a:rob_flynn:gaim:0.74
  • cpe:2.3:a:rob_flynn:gaim:0.75
  • cpe:2.3:a:rob_flynn:gaim:0.78
  • cpe:2.3:a:rob_flynn:gaim:0.82
  • cpe:2.3:a:rob_flynn:gaim:0.82.1
  • cpe:2.3:a:rob_flynn:gaim:1.0
  • cpe:2.3:a:rob_flynn:gaim:1.0.1
  • Gentoo Linux
    cpe:2.3:o:gentoo:linux
  • Gentoo Linux 1.4
    cpe:2.3:o:gentoo:linux:1.4
  • Slackware Linux 9.0
    cpe:2.3:o:slackware:slackware_linux:9.0
  • Slackware Linux 9.1
    cpe:2.3:o:slackware:slackware_linux:9.1
  • Slackware Linux 10.0
    cpe:2.3:o:slackware:slackware_linux:10.0
  • cpe:2.3:o:slackware:slackware_linux:current
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ia64
  • cpe:2.3:o:ubuntu:ubuntu_linux:4.1:-:ppc
CVSS
Base: 10.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2004-117.NASL
    description A vulnerability in the MSN protocol handler in the gaim instant messenger application was discovered. When receiving unexpected sequences of MSNSLP messages, it is possible that an attacker could trigger an internal buffer overflow which could lead to a crash or even code execution as the user running gaim. The updated packages are patched to fix this problem. This problem does not affect Mandrakelinux 10.0 installations.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 15597
    published 2004-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15597
    title Mandrake Linux Security Advisory : gaim (MDKSA-2004:117)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-8-1.NASL
    description A buffer overflow and two remote crashes were recently discovered in gaim's MSN protocol handler. An attacker could potentially execute arbitrary code with the user's privileges by crafting and sending a particular MSN message. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20703
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20703
    title Ubuntu 4.10 : gaim vulnerabilities (USN-8-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1E6C4008245F11D9B5840050FC56D258.NASL
    description Due to a buffer overflow in the MSN protocol support for gaim 0.79 to 1.0.1, it is possible for remote clients to do a denial-of-service attack on the application. This is caused by an unbounded copy operation, which writes to the wrong buffer.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 18861
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18861
    title FreeBSD : gaim -- buffer overflow in MSN protocol support (1e6c4008-245f-11d9-b584-0050fc56d258)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2004-296-01.NASL
    description New gaim packages are available for Slackware 9.0, 9.1, 10.0 and -current to fix a buffer overflow in the MSN protocol. Sites that use GAIM should upgrade to the new version.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 18760
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18760
    title Slackware 10.0 / 9.0 / 9.1 / current : gaim (SSA:2004-296-01)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2004-604.NASL
    description An updated gaim package that fixes security issues, fixes various bugs, and includes various enhancements for Red Hat Enterprise Linux 3 is now available. The gaim application is a multi-protocol instant messaging client. A buffer overflow has been discovered in the MSN protocol handler. When receiving unexpected sequence of MSNSLP messages, it is possible that an attacker could cause an internal buffer overflow, leading to a crash or possible code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0891 to this issue. This updated gaim package also fixes multiple user interface, protocol, and error handling problems, including an ICQ communication encoding issue. Additionally, these updated packages have compiled gaim as a PIE (position independent executable) for added protection against future security vulnerabilities. All users of gaim should upgrade to this updated package, which includes various bug fixes, as well as a backported security patch.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 15532
    published 2004-10-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15532
    title RHEL 3 : gaim (RHSA-2004:604)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200410-23.NASL
    description The remote host is affected by the vulnerability described in GLSA-200410-23 (Gaim: Multiple vulnerabilities) A possible buffer overflow exists in the code processing MSN SLP messages (CAN-2004-0891). memcpy() was used without validating the size of the buffer, and an incorrect buffer was used as destination under certain circumstances. Additionally, memory allocation problems were found in the processing of MSN SLP messages and the receiving of files. These issues could lead Gaim to try to allocate more memory than available, resulting in the crash of the application. Impact : A remote attacker could crash Gaim and possibly execute arbitrary code by exploiting the buffer overflow. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 15559
    published 2004-10-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=15559
    title GLSA-200410-23 : Gaim: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-068.NASL
    description A bug was discovered in the way that gtk+2.0 processes BMP images which could allow for a specially crafted BMP to cause a Denial of Service attack on applications linked against gtk+2.0. The updated packages have been patched to correct these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18003
    published 2005-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18003
    title Mandrake Linux Security Advisory : gtk+2.0 (MDKSA-2005:068)
oval via4
accepted 2013-04-29T04:15:47.477-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
description nded copy operation that writes to the wrong buffer.
family unix
id oval:org.mitre.oval:def:11790
status accepted
submitted 2010-07-09T03:56:16-04:00
title Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
version 23
redhat via4
advisories
rhsa
id RHSA-2004:604
refmap via4
confirm http://gaim.sourceforge.net/security/?id=9
fedora FLSA:2188
gentoo GLSA-200410-23
ubuntu USN-8-1
xf
  • gaim-file-transfer-dos(17790)
  • gaim-msn-slp-bo(17786)
  • gaim-msn-slp-dos(17787)
Last major update 07-12-2016 - 21:59
Published 27-01-2005 - 00:00
Last modified 10-10-2017 - 21:29