(Mandrake Issues Fix) Gaim MSNSLP Buffer Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1012032
SecurityTracker URL: http://securitytracker.com/id/1012032
CVE Reference: CAN-2004-0891
Date: Nov 2 2004
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 0.79 - 1.0.1
Description:
A buffer overflow vulnerability was reported in Gaim in the processing of MSNSLP messages. A remote user may be able to crash the client or execute arbitrary code on the target system.
It is reported that a remote user can send a specially crafted sequence of MSNSLP messages to trigger a buffer overflow.
The flaw resides in 'src/protocols/msn/slplink.c' where a memcpy() call is made without validating the size of the buffer.
It is also reported that in some situations, data may be copied to the wrong buffer due to a logic flaw.
The vendor also reported that a remote user can send a malformed MSNSLP message containing an invalid size value in the header to trigger a buffer overflow and cause the target Gaim client to crash.
The vendor also reported a memory allocation error in the MSN transfer of large files. The Gaim client may crash.
The vendor's advisories are available at:
http://gaim.sourceforge.net/security/?id=7
http://gaim.sourceforge.net/security/?id=8
http://gaim.sourceforge.net/security/?id=9
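The description above turns on sender-controlled sizes reaching memcpy() and the allocator unchecked while a message is reassembled from chunks. The C example below is added here for illustration and is not Gaim's code or the vendor's patch; the header layout, the names (chunk_hdr, reasm, reasm_add) and the 16 MiB cap are assumptions. It shows the checks a chunk reassembler needs before it allocates or copies.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TOTAL (16u * 1024u * 1024u)  /* assumed cap on a reassembled message */

/* Simplified, hypothetical chunk header: not Gaim's struct. */
struct chunk_hdr {
    uint64_t offset;      /* where this chunk belongs in the full message */
    uint64_t total_size;  /* sender-declared size of the full message */
    uint32_t length;      /* sender-declared size of this chunk */
};

struct reasm {
    uint8_t *buf;         /* NULL until the first chunk is accepted */
    uint64_t size;        /* allocated size, fixed by the first chunk */
};

enum { CHUNK_OK = 0, ERR_TOTAL, ERR_LENGTH, ERR_RANGE, ERR_NOMEM };

/* Copy one chunk into the reassembly buffer, validating every
 * sender-controlled size before malloc() or memcpy() sees it. */
int reasm_add(struct reasm *r, const struct chunk_hdr *h,
              const uint8_t *payload, size_t payload_len)
{
    if (h->total_size == 0 || h->total_size > MAX_TOTAL)
        return ERR_TOTAL;                 /* refuse oversized allocations */
    if (h->length != payload_len)
        return ERR_LENGTH;                /* header disagrees with bytes received */
    if (r->buf == NULL) {
        r->buf = malloc((size_t)h->total_size);
        if (r->buf == NULL)
            return ERR_NOMEM;
        r->size = h->total_size;
    } else if (h->total_size != r->size) {
        return ERR_TOTAL;                 /* declared size changed mid-message */
    }
    /* Subtraction form avoids wrap-around in offset + length. */
    if (h->offset > r->size || h->length > r->size - h->offset)
        return ERR_RANGE;
    memcpy(r->buf + h->offset, payload, h->length);
    return CHUNK_OK;
}

void reasm_free(struct reasm *r) { free(r->buf); r->buf = NULL; r->size = 0; }
```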
Impact:
A remote user may be able to cause the client to crash.
A remote user may be able to execute arbitrary code on the target system with the privileges of the user running the Gaim client.
Solution:
Mandrake has released a fix.
Mandrakelinux 10.1:
6b2e6e52fc0e1da0bb75b7301850387e 10.1/RPMS/gaim-0.82.1-2.1.101mdk.i586.rpm
6846eac8a14b5ff6a0a88aa5aad13edf 10.1/RPMS/gaim-devel-0.82.1-2.1.101mdk.i586.rpm
00936e0fc7426aa731249074d09157d9 10.1/RPMS/gaim-festival-0.82.1-2.1.101mdk.i586.rpm
9da5d5523a8b36fc269302f846c90326 10.1/RPMS/gaim-gevolution-0.82.1-2.1.101mdk.i586.rpm
66486b28ed9c1ae2a3c51d83098211e6 10.1/RPMS/gaim-perl-0.82.1-2.1.101mdk.i586.rpm
5fbd3315fa9d0b044f46c3293506d7ef 10.1/RPMS/gaim-tcl-0.82.1-2.1.101mdk.i586.rpm
9234881322236a36a3b150ecaa161fbf 10.1/RPMS/libgaim-remote0-0.82.1-2.1.101mdk.i586.rpm
ff323c8ca35ac7f7d06bf1dc559b0971 10.1/RPMS/libgaim-remote0-devel-0.82.1-2.1.101mdk.i586.rpm
f397ccb1e39cf3db656e5375d1d238b5 10.1/SRPMS/gaim-0.82.1-2.1.101mdk.src.rpm
Mandrakelinux 10.1/X86_64:
0df2813a1751c7a768c4fdff3a191443 x86_64/10.1/RPMS/gaim-0.82.1-2.1.101mdk.x86_64.rpm
39e701d2adf67e1c74bd8b131ede3d5e x86_64/10.1/RPMS/gaim-devel-0.82.1-2.1.101mdk.x86_64.rpm
22216a8ac0776d8de42d6f5a7de3b427 x86_64/10.1/RPMS/gaim-festival-0.82.1-2.1.101mdk.x86_64.rpm
020f9285bcca532427cfcfd052d96235 x86_64/10.1/RPMS/gaim-gevolution-0.82.1-2.1.101mdk.x86_64.rpm
4de10661d941c2a9dc7f1a64071f868f x86_64/10.1/RPMS/gaim-perl-0.82.1-2.1.101mdk.x86_64.rpm
92e8ce4e22e77c1235915a0ee68df2ab x86_64/10.1/RPMS/gaim-tcl-0.82.1-2.1.101mdk.x86_64.rpm
5bf30cddc4f32809a346c2cadef3913a x86_64/10.1/RPMS/lib64gaim-remote0-0.82.1-2.1.101mdk.x86_64.rpm
38797f001f6811fca52e32319d14923c x86_64/10.1/RPMS/lib64gaim-remote0-devel-0.82.1-2.1.101mdk.x86_64.rpm
f397ccb1e39cf3db656e5375d1d238b5 x86_64/10.1/SRPMS/gaim-0.82.1-2.1.101mdk.src.rpm
Vendor URL: gaim.sourceforge.net/
Cause: Boundary error, State error
Underlying OS: Linux (Mandriva/Mandrake)
Message History:
This archive entry is a follow-up to the message listed below.
Source Message Contents
Date: 2 Nov 2004 00:15:32 -0000
Subject: [Security Announce] MDKSA-2004:117 - Updated gaim packages fix
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: gaim
Advisory ID: MDKSA-2004:117
Date: November 1st, 2004
Affected versions: 10.1
______________________________________________________________________
Problem Description:
A vulnerability in the MSN protocol handler in the gaim instant
messenger application was discovered. When receiving unexpected
sequences of MSNSLP messages, it is possible that an attacker could
trigger an internal buffer overflow which could lead to a crash or
even code execution as the user running gaim.
The updated packages are patched to fix this problem. This problem
does not affect Mandrakelinux 10.0 installations.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0891
______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>