ID CVE-2005-0966
Summary The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
References
Vulnerable Configurations
  • cpe:2.3:a:rob_flynn:gaim:1.2.0
CVSS
Base: 6.4 (as of 13-06-2005 - 15:52)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality NONE
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-071.NASL
    description More vulnerabilities have been discovered in the gaim instant messaging client : A buffer overflow vulnerability was found in the way that gaim escapes HTML, allowing a remote attacker to send a specially crafted message to a gaim client and causing it to crash (CVE-2005-0965). A bug was discovered in several of gaim's IRC processing functions that fail to properly remove various markup tags within an IRC message. This could allow a remote attacker to send a specially crafted message to a gaim client connected to an IRC server, causing it to crash (CVE-2005-0966). Finally, a problem was found in gaim's Jabber message parser that would allow a remote Jabber user to send a specially crafted message to a gaim client, causing it to crash (CVE-2005-0967). Gaim version 1.2.1 is not vulnerable to these issues and is provided with this update.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 18052
    published 2005-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18052
    title Mandrake Linux Security Advisory : gaim (MDKSA-2005:071)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EC09BAA3A9F511D9A7880001020EED82.NASL
    description The GAIM team reports : The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 19153
    published 2005-07-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19153
    title FreeBSD : gaim -- remote DoS on receiving certain messages over IRC (ec09baa3-a9f5-11d9-a788-0001020eed82)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200504-05.NASL
    description The remote host is affected by the vulnerability described in GLSA-200504-05 (Gaim: Denial of Service issues) Multiple vulnerabilities have been addressed in the latest release of Gaim: A buffer overread in the gaim_markup_strip_html() function, which is used when logging conversations (CAN-2005-0965). Markup tags are improperly escaped using Gaim's IRC plugin (CAN-2005-0966). Sending a specially crafted file transfer request to a Gaim Jabber user can trigger a crash (CAN-2005-0967). Impact : An attacker could possibly cause a Denial of Service by exploiting any of these vulnerabilities. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 17992
    published 2005-04-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=17992
    title GLSA-200504-05 : Gaim: Denial of Service issues
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-106-1.NASL
    description Jean-Yves Lefort discovered a buffer overflow in the gaim_markup_strip_html() function. This caused Gaim to crash when receiving certain malformed HTML messages. (CAN-2005-0965) Jean-Yves Lefort also noticed that many functions that handle IRC commands do not escape received HTML metacharacters; this allowed remote attackers to cause a Denial of Service by injecting arbitrary HTML code into the conversation window, popping up arbitrarily many empty dialog boxes, or even causing Gaim to crash. (CAN-2005-0966). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20492
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20492
    title Ubuntu 4.10 : gaim vulnerabilities (USN-106-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-365.NASL
    description An updated gaim package that fixes multiple denial of service issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Gaim application is a multi-protocol instant messaging client. A buffer overflow bug was found in the way gaim escapes HTML. It is possible that a remote attacker could send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0965 to this issue. A bug was found in several of gaim's IRC processing functions. These functions fail to properly remove various markup tags within an IRC message. It is possible that a remote attacker could send a specially crafted message to a Gaim client connected to an IRC server, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0966 to this issue. A bug was found in gaim's Jabber message parser. It is possible for a remote Jabber user to send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0967 to this issue. In addition to these denial of service issues, multiple minor upstream bugfixes are included in this update. Users of Gaim are advised to upgrade to this updated package which contains Gaim version 1.2.1 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 18019
    published 2005-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=18019
    title RHEL 3 / 4 : gaim (RHSA-2005:365)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-365.NASL
    description An updated gaim package that fixes multiple denial of service issues is now available. This update has been rated as having important security impact by the Red Hat Security Response Team. The Gaim application is a multi-protocol instant messaging client. A buffer overflow bug was found in the way gaim escapes HTML. It is possible that a remote attacker could send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0965 to this issue. A bug was found in several of gaim's IRC processing functions. These functions fail to properly remove various markup tags within an IRC message. It is possible that a remote attacker could send a specially crafted message to a Gaim client connected to an IRC server, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0966 to this issue. A bug was found in gaim's Jabber message parser. It is possible for a remote Jabber user to send a specially crafted message to a Gaim client, causing it to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0967 to this issue. In addition to these denial of service issues, multiple minor upstream bugfixes are included in this update. Users of Gaim are advised to upgrade to this updated package which contains Gaim version 1.2.1 and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21811
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21811
    title CentOS 3 / 4 : gaim (CESA-2005:365)
oval via4
accepted 2013-04-29T04:18:26.176-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
family unix
id oval:org.mitre.oval:def:9185
status accepted
submitted 2010-07-09T03:56:16-04:00
title The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:365
refmap via4
bid 13003
bugtraq 20050401 multiple remote denial of service vulnerabilities in Gaim
confirm
fedora FLSA:158543
mandrake MDKSA-2005:071
secunia 14815
suse SUSE-SA:2005:036
xf
  • gaim-irc-plugin-bo(19937)
  • gaim-ircmsginvite-dos(19939)
Last major update 17-10-2016 - 23:16
Published 02-05-2005 - 00:00
Last modified 19-10-2018 - 11:31