ID CVE-2005-2370
Summary Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
References
Vulnerable Configurations
  • cpe:2.3:a:ekg:ekg:1.1
  • cpe:2.3:a:ekg:ekg:1.3
  • cpe:2.3:a:ekg:ekg:1.4
  • cpe:2.3:a:ekg:ekg:1.5
  • cpe:2.3:a:ekg:ekg:1.6_rc1
  • cpe:2.3:a:ekg:ekg:2005-04-11
  • cpe:2.3:a:ekg:ekg:2005-06-05
  • cpe:2.3:a:rob_flynn:gaim:1.4.0
CVSS
Base: 5.0 (as of 28-07-2005 - 10:11)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector   Complexity  Authentication
NETWORK  LOW         NONE
Impact
Confidentiality  Integrity  Availability
NONE             NONE       PARTIAL
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-162-1.NASL
    description Marcin Owsiany and Wojtek Kaniewski discovered that some contributed scripts (contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh) in the ekg package created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the script. (CAN-2005-1850) Marcin Owsiany and Wojtek Kaniewski discovered a shell command injection vulnerability in a contributed utility (contrib/scripts/ekgbot-pre1.py). By sending specially crafted content to the bot, an attacker could exploit this to execute arbitrary code with the privileges of the user running ekgbot. (CAN-2005-1851) Marcin Slusarz discovered an integer overflow in the Gadu library. By sending a specially crafted incoming message, a remote attacker could execute arbitrary code with the privileges of the application using libgadu. (CAN-2005-1852) Eric Romang discovered that another contributed script (contrib/scripts/linki.py) created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the script. (CAN-2005-1916) Grzegorz Jaskiewicz discovered several integer overflows in the Gadu library. A remote attacker could exploit this to crash the Gadu client application or even execute arbitrary code with the privileges of the user by sending specially crafted messages. (CAN-2005-2369) Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in the Gadu library. By sending specially crafted messages, a remote attacker could crash the application using the library. (CAN-2005-2370) Marcin Slusarz discovered that the Gadu library did not properly handle endianness conversion in some cases. This caused invalid behavior on big endian architectures. The only affected supported architecture is powerpc. (CAN-2005-2448). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20568
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20568
    title Ubuntu 5.04 : ekg vulnerabilities (USN-162-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1318.NASL
    description Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-2370 It was discovered that memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. This only affects Debian Sarge. - CVE-2005-2448 It was discovered that several endianness errors may allow remote attackers to cause a denial of service. This only affects Debian Sarge. - CVE-2007-1663 It was discovered that a memory leak in handling image messages may lead to denial of service. This only affects Debian Etch. - CVE-2007-1664 It was discovered that a NULL pointer dereference in the token OCR code may lead to denial of service. This only affects Debian Etch. - CVE-2007-1665 It was discovered that a memory leak in the token OCR code may lead to denial of service. This only affects Debian Etch.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 25584
    published 2007-06-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=25584
    title Debian DSA-1318-1 : ekg - several vulnerabilities
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-773.NASL
    description This advisory adds security support for the stable amd64 distribution. It covers all security updates since the release of sarge, which were missing updated packages for the not yet official amd64 port. Future security advisories will include updates for this port as well.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 57528
    published 2012-01-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57528
    title Debian DSA-773-1 : amd64 - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-139.NASL
    description Yet more vulnerabilities have been discovered in the gaim IM client. Invalid characters in a sent file can cause Gaim to crash on some systems (CVE-2005-2102); a remote AIM or ICQ user can cause a buffer overflow in Gaim by setting an away message containing many AIM substitution strings (CVE-2005-2103); a memory alignment bug in the library used by Gaim to access the Gadu-Gadu network can result in a buffer overflow on non-x86 architecture systems (CVE-2005-2370). These problems have been corrected in gaim 1.5.0 which is provided with this update.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19896
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19896
    title Mandrake Linux Security Advisory : gaim (MDKSA-2005:139)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-639.NASL
    description Updated kdenetwork packages to correct a security flaw in Kopete are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdenetwork package contains networking applications for the K Desktop Environment. Kopete is a KDE instant messenger which supports a number of protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu. Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1852 to this issue. In order to be affected by this issue, a user would need to have registered with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive a malicious message. In addition, Red Hat believes that the Exec-shield technology (enabled by default in Red Hat Enterprise Linux 4) would block attempts to remotely exploit this vulnerability. Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3. Users of Kopete should update to these packages which contain a patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21954
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21954
    title CentOS 4 : kdenetwork (CESA-2005:639)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-769.NASL
    description Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in libgadu (from ekg, console Gadu Gadu client, an instant messaging program) which is included in gaim, a multi-protocol instant messaging client, as well. This cannot be exploited on the x86 architecture, but on others, e.g. on Sparc, it can lead to a bus error, in other words a denial of service. The old stable distribution (woody) does not seem to be affected by this problem.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19318
    published 2005-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19318
    title Debian DSA-769-1 : gaim - memory alignment bug
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-813.NASL
    description Several problems have been discovered in libgadu which is also part of centericq, a text-mode multi-protocol instant messenger client. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-2369 Multiple integer signedness errors may allow remote attackers to cause a denial of service or execute arbitrary code. - CAN-2005-2370 Memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. - CAN-2005-2448 Several endianness errors may allow remote attackers to cause a denial of service.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 19709
    published 2005-09-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19709
    title Debian DSA-813-1 : centericq - several vulnerabilities
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2005-242-03.NASL
    description New gaim packages are available for Slackware 9.0, 9.1, 10.0, 10.1, and -current to fix some security issues, including: AIM/ICQ away message buffer overflow; AIM/ICQ non-UTF-8 filename crash; Gadu-Gadu memory alignment bug. Sites that use GAIM should upgrade to the new version.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19860
    published 2005-10-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19860
    title Slackware 10.0 / 10.1 / 9.0 / 9.1 / current : gaim (SSA:2005-242-03)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-627.NASL
    description An updated gaim package that fixes multiple security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Gaim is an Internet Messaging client. A heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2103 to this issue. Daniel Atallah discovered a denial of service issue in Gaim. A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ, causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2102 to this issue. A denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. Please note that this issue only affects PPC and IBM S/390 systems running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2370 to this issue. Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21846
    published 2006-07-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21846
    title CentOS 3 / 4 : gaim (CESA-2005:627)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-168-1.NASL
    description Daniel Atallah discovered a Denial of Service vulnerability in the file transfer handler of OSCAR (the module that handles various instant messaging protocols like ICQ). A remote attacker could crash the Gaim client of a user by attempting to send him a file with a name that contains invalid UTF-8 characters. (CAN-2005-2102) It was found that specially crafted 'away' messages triggered a buffer overflow. A remote attacker could exploit this to crash the Gaim client or possibly even execute arbitrary code with the permissions of the Gaim user. (CAN-2005-2103) Szymon Zygmunt and Michal Bartoszkiewicz discovered a memory alignment error in the Gadu library, which was fixed in USN-162-1. However, it was discovered that Gaim contains a copy of the vulnerable code. By sending specially crafted messages over the Gadu protocol, a remote attacker could crash Gaim. (CAN-2005-2370). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20574
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20574
    title Ubuntu 4.10 / 5.04 : gaim vulnerabilities (USN-168-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-627.NASL
    description An updated gaim package that fixes multiple security issues is now available. This update has been rated as having critical security impact by the Red Hat Security Response Team. Gaim is an Internet Messaging client. A heap based buffer overflow issue was discovered in the way Gaim processes away messages. A remote attacker could send a specially crafted away message to a Gaim user logged into AIM or ICQ that could result in arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2103 to this issue. Daniel Atallah discovered a denial of service issue in Gaim. A remote attacker could attempt to upload a file with a specially crafted name to a user logged into AIM or ICQ, causing Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2102 to this issue. A denial of service bug was found in Gaim's Gadu Gadu protocol handler. A remote attacker could send a specially crafted message to a Gaim user logged into Gadu Gadu, causing Gaim to crash. Please note that this issue only affects PPC and IBM S/390 systems running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-2370 to this issue. Users of gaim are advised to upgrade to this updated package, which contains backported patches and is not vulnerable to these issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 19423
    published 2005-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19423
    title RHEL 3 / 4 : gaim (RHSA-2005:627)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-639.NASL
    description Updated kdenetwork packages to correct a security flaw in Kopete are now available for Red Hat Enterprise Linux 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdenetwork package contains networking applications for the K Desktop Environment. Kopete is a KDE instant messenger which supports a number of protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu. Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1852 to this issue. In order to be affected by this issue, a user would need to have registered with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive a malicious message. In addition, Red Hat believes that the Exec-shield technology (enabled by default in Red Hat Enterprise Linux 4) would block attempts to remotely exploit this vulnerability. Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3. Users of Kopete should update to these packages which contain a patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 19286
    published 2005-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19286
    title RHEL 4 : kdenetwork (RHSA-2005:639)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_3B4A69820B2411DABC080001020EED82.NASL
    description Wojtek Kaniewski reports : Multiple vulnerabilities have been found in libgadu, a library for handling Gadu-Gadu instant messaging protocol. It is a part of ekg, a Gadu-Gadu client, but is widely used in other clients. Also some of the user contributed scripts were found to behave in an insecure manner. - integer overflow in libgadu (CVE-2005-1852) that could be triggered by an incoming message and lead to application crash and/or remote code execution - insecure file creation (CVE-2005-1850) and shell command injection (CVE-2005-1851) in other user contributed scripts (discovered by Marcin Owsiany and Wojtek Kaniewski) - several signedness errors in libgadu that could be triggered by incoming network data or an application passing invalid user input to the library - memory alignment errors in libgadu that could be triggered by an incoming message and lead to bus errors on architectures like SPARC - endianness errors in libgadu that could cause invalid behaviour of applications on big-endian architectures
    last seen 2019-02-21
    modified 2018-12-19
    plugin id 21414
    published 2006-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21414
    title FreeBSD : libgadu -- multiple vulnerabilities (3b4a6982-0b24-11da-bc08-0001020eed82)
oval via4
accepted 2013-04-29T04:05:50.299-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
family unix
id oval:org.mitre.oval:def:10456
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
version 24
redhat via4
advisories
rhsa
id RHSA-2005:627
refmap via4
bid 24600
bugtraq 20050721 Multiple vulnerabilities in libgadu and ekg package
confirm http://gaim.sourceforge.net/security/index.php?id=20
debian
  • DSA-1318
  • DSA-813
fedora FLSA:158543
secunia 16265
Last major update 17-10-2016 - 23:26
Published 26-07-2005 - 00:00
Last modified 19-10-2018 - 11:32