Gaim Can Be Crashed By Sending a Filename Containing a Parenthesis Character to a Remote User - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Instant Messaging/IRC/Chat) > Gaim

Vendors: Gaim.sourceforge.net

Gaim Can Be Crashed By Sending a Filename Containing a Parenthesis Character to a Remote User

SecurityTracker Alert ID: 1013300

SecurityTracker URL: http://securitytracker.com/id/1013300

CVE Reference: CAN-2005-0573 (Links to External Site)

Updated: Feb 28 2005

Original Entry Date: Feb 25 2005

Impact: Denial of service via network

Exploit Included: Yes

Version(s): 1.1.3; possibly other versions

Description: A vulnerability was reported in Gaim in the file transfer feature. A remote user can cause the recipient's Gaim client to crash.

A remote user can send a file with a specially crafted filename to a target user to cause the target user's Gaim client to crash. A filename containing a parenthesis character can trigger the flaw.

A demonstration exploit filename is provided:

gaim1.1(windows).exe

Randall Perry of domain-logic.com reported this vulnerability.

Impact: A remote user can cause the recipient's Gaim client to crash.

Solution: No solution was available at the time of this entry.

Vendor URL: gaim.sourceforge.net/ (Links to External Site)

Cause: Exception handling error, Input validation error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Date: Thu, 24 Feb 2005 17:02:07 -0500
Subject: [Full-Disclosure] GAIM exploit


Platform: Windows (tested only on XP and 2000, might impact others)
Application: GAIM v1.1.3
Synopsis: Cause remote crash of GAIM client.
Scenario:

By sending a file to another GAIM user, you can cause their GAIM client
to crash and completely close GAIM down.

Simply send a file to someone with parenthesis in it, and it will crash
when they accept the download (the download does not even begin, it just
crashes).

Example: filename of gaim1.1(windows).exe
will cause it to crash.

I am still playing with the debug version of GAIM, and having just run
through GTK updates to 2.4 I do not have time to digest and post those.
So far, it looks like it has to do with libglib-2.0-0.dll
I am following up with a post to GAIM developers with a complete report.

http://www.domain-logic.com/


-- 
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC