Gaim Can Be Crashed By Remote Users Sending Invalid Jabber File Transfer Requests
|
|
SecurityTracker Alert ID: 1013645
|
|
SecurityTracker URL: http://securitytracker.com/id?1013645
|
|
CVE Reference: CAN-2005-0967
(Links to External Site)
|
Updated: Apr 6 2005
|
Original Entry Date: Apr 5 2005
|
Impact: Denial of service via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): prior to 1.2.1
|
Description: A vulnerability was reported in Gaim in the processing of the Jabber protocol. A remote user can cause the target user's Gaim client to crash.
A remote user can send a specially crafted Gaim Jabber file transfer request to trigger an out-of-bounds memory read error and cause the target Gaim client to crash.
The vendor credits Marcus with discovering this vulnerability.
|
Impact: A remote user can cause the target user's Gaim client to crash.
|
Solution: The vendor has issued a fixed version (1.2.1), available at:
http://gaim.sourceforge.net/downloads.php
|
Vendor URL: gaim.sourceforge.net/security/?id=15 (Links to External Site)
|
Cause: Exception handling error
|
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 5 Apr 2005 01:38:30 -0400
Subject: http://gaim.sourceforge.net/security/?id=15
|
> Gaim Vulnerability
> Title Jabber remote crash
> Date 4 April 2005
> Discovered By Marcus
> Summary A remote jabber user can cause Gaim to crash by sending a specific file
> transfer request.
> Fixed in Version 1.2.1
|
|
