Gaim Bugs in Processing MSN Messages and Certain URLs Let Remote Users Deny Service
|
|
SecurityTracker Alert ID: 1013942 |
|
SecurityTracker URL: http://securitytracker.com/id/1013942
|
|
CVE Reference:
CAN-2005-1261, CAN-2005-1262
(Links to External Site)
|
Date: May 11 2005
|
Impact:
Denial of service via network
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): prior to 1.3.0
|
Description:
Two vulnerabilities were reported in Gaim in the processing of MSN messages and certain URLs. A remote user can cause the application to crash.
A remote user can send an instant message containing a specially crafted URL that will cause a buffer overflow [CVE: CAN-2005-1261]. A URL longer than 8192 bytes can trigger the overflow. Jabber and SILC protocols are affected. Other protocols may also be affected.
A remote user can send a specially crafted MSN message to trigger a pointer error and cause the client to crash [CVE: CAN-2005-1262]. A remote user can send an SLP message with an empty body to trigger the flaw.
The original advisories are available at:
http://gaim.sourceforge.net/security/index.php?id=16
http://gaim.sourceforge.net/security/index.php?id=17
The vendor credits Stu Tomlinson with reporting the long URL buffer overflow. The vendor credits Siebe Tolsma with reporting the MSN vulnerability.
|
Impact:
A remote user can cause the target user's client to crash.
|
Solution:
The vendor has issued a fixed version (1.3.0), available at:
http://gaim.sourceforge.net/downloads.php
|
Vendor URL: gaim.sourceforge.net/security/index.php?id=16 (Links to External Site)
|
Cause:
Boundary error, Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any), Windows (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Wed, 11 May 2005 04:28:27 -0400
Subject: http://gaim.sourceforge.net/security/index.php?id=16
|
http://gaim.sourceforge.net/security/index.php?id=16
> Title Remote crash on some protocols
> Date 10 May 2005
> CVE Name CAN-2005-1261
> Discovered By Stu Tomlinson
> Summary Specially crafted messages on certain protocols can cause a buffer
> overflow
> Description It is possible for a remote user to overflow a static buffer by sending
> an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is
> not possible on all protocols, due to message length restrictions. Jabber are SILC
> are known to be vulnerable.
> Fixed in Version 1.3.0
http://gaim.sourceforge.net/security/index.php?id=17
> Title MSN Remote DoS
> Date 10 May 2005
> CVE Name CAN-2005-1262
> Discovered By Siebe Tolsma
> Summary Remote denial of service when receiving a specially crafted MSN message
> Description Potential remote denial of service bug resulting from not checking a
> pointer for non-NULL before passing it to strncmp, which results in a crash. This can
> be triggered by a remote client sending an SLP message with an empty body.
> Fixed in Version 1.3.0
|
|
