SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Instant Messaging/IRC/Chat)  >   Gaim Vendors:   Gaim.sourceforge.net
Gaim Buffer Overflows in Processing MSN Protocol May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1010872
SecurityTracker URL:  http://securitytracker.com/id/1010872
CVE Reference:   CAN-2004-0500   (Links to External Site)
Date:  Aug 5 2004
Impact:   Execution of arbitrary code via network


Description:   Some vulnerabilities were reported in Gaim in the processing of the MSN protocol. A remote user may be able to execute arbitrary code on the target system.

SuSE reported that the SuSE Security Team discovered several remotely exploitable buffer overflows in the MSN protocol parsing functions. No further details were provided.
Impact:   A remote user may be able to execute arbitrary code on the target system.
Solution:   No upstream solution was available at the time of this entry.
Vendor URL:  gaim.sourceforge.net/ (Links to External Site)
Cause:   Boundary error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Aug 13 2004 (SuSE Issues Fix) Gaim Buffer Overflows in Processing MSN Protocol May Let Remote Users Execute Arbitrary Code   (Thomas Biege <thomas@suse.de>)
SuSE has released a fix.
Aug 13 2004 (Mandrake Issues Fix) Gaim Buffer Overflows in Processing MSN Protocol May Let Remote Users Execute Arbitrary Code   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Aug 13 2004 (Gentoo Issues Fix) Gaim Buffer Overflows in Processing MSN Protocol May Let Remote Users Execute Arbitrary Code   (Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>)
Gentoo has released a fix.
Oct 17 2004 (Fedora Issues Fix for RH Linux) Gaim Buffer Overflows in Processing MSN Protocol May Let Remote Users Execute Arbitrary Code   (Marc Deslauriers <marcdeslauriers@videotron.ca>)
Fedora has released a fix for Red Hat Linux 7.3 and 9.
Nov 5 2004 (Conectiva Issues Fix) Gaim Buffer Overflows in Processing MSN Protocol May Let Remote Users Execute Arbitrary Code   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.


 Source Message Contents
Date:  Wed, 04 Aug 2004 11:47:48 -0400
Subject:  CAN-2004-0500


SuSE reported that the SuSE Security Team discovered several remotely exploitable buffer 
overflows in the MSN-protocol parsing functions of gaim.

This affects SuSE Linux 9.1.

[Editor's note:  This may affect other Linux distributions.]


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC