SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Instant Messaging/IRC/Chat)  >   Gaim Vendors:   Gaim.sourceforge.net
Gaim Buffer Overflows in Groupware Messages, URLs, Hostname Lookups, and RTF Messages May Permit Remote Code Execution
SecurityTracker Alert ID:  1011083
SecurityTracker URL:  http://securitytracker.com/id/1011083
CVE Reference:   CVE-2004-0785, CVE-2004-0754   (Links to External Site)
Date:  Aug 28 2004
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 0.82
Description:   Several overflow vulnerabilities were reported in Gaim. A remote user may be able to execute arbitrary code on the target system. A remote server can also cause the Gaim client to crash.

The vendor reported that a remote groupware server can send specially crafted messages to a target client to trigger a memory allocation integer overflow [CVE: CVE-2004-0754]. The resulting heap overflow may allow arbitrary code to be executed.

It is also reported that a remote user can send a specially crafted URL that, when received by the target user, will overflow a static buffer of 2048 bytes [CVE: CVE-2004-0785].

It is also reported that a hostname lookup overflow can be triggered [CVE: CVE-2004-0785]. If the DNS server returns a hostname that is greater than MAXHOSTNAMELEN bytes, a buffer overflow will occur.

It is also reported that a remote user can create an invalid rich text format (RTF) message to trigger one of several buffer overflows [CVE: CVE-2004-0785].

It is also reported that a remote web server can return a large HTTP Content-Length header value to cause the target user's Gaim to crash. This can be triggered if the supplied length value is large enough to cause Gaim to consume all available memory. This can occur when Gaim reads profile information on some protocols and when smiley themes are installed via drag and drop.

The original advisories are available at:

http://gaim.sourceforge.net/security/index.php?id=2
http://gaim.sourceforge.net/security/index.php?id=3
http://gaim.sourceforge.net/security/index.php?id=4
http://gaim.sourceforge.net/security/index.php?id=5
http://gaim.sourceforge.net/security/index.php?id=6

Impact:   A remote user can cause arbitrary code to be executed on the target application or cause the application to crash.
Solution:   The vendor has released a fixed version (0.82), available at:

http://gaim.sourceforge.net/downloads.php

Vendor URL:  gaim.sourceforge.net/security/ (Links to External Site)
Cause:   Boundary error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 17 2004 (Fedora Issues Fix for RH Linux) Gaim Buffer Overflows in Groupware Messages, URLs, Hostname Lookups, and RTF Messages May Permit Remote Code Execution
Fedora has released a fix for Red Hat Linux 7.3 and 9.
Oct 21 2004 (Mandrake Issues Fix) Gaim Buffer Overflows in Groupware Messages, URLs, Hostname Lookups, and RTF Messages May Permit Remote Code Execution
Mandrake has released a fix.
Nov 5 2004 (Conectiva Issues Fix) Gaim Buffer Overflows in Groupware Messages, URLs, Hostname Lookups, and RTF Messages May Permit Remote Code Execution
Conectiva has released a fix.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC