Executive Summary
| Summary | |
|---|---|
| Title | Updated gaim package fixes security issues |
| Informations | |||
|---|---|---|---|
| Name | RHSA-2004:400 | First vendor Publication | 2004-09-07 |
| Vendor | RedHat | Last vendor Modification | 2004-09-07 |
| Severity (Vendor) | N/A | Revision | 01 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Problem Description: An updated gaim package that fixes several security issues is now available. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 3. Problem description: Gaim is an instant messenger client that can handle multiple protocols. Buffer overflow bugs were found in the Gaim MSN protocol handler. In order to exploit these bugs, an attacker would have to perform a man in the middle attack between the MSN server and the vulnerable Gaim client. Such an attack could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0500 to this issue. Buffer overflow bugs have been found in the Gaim URL decoder, local hostname resolver, and the RTF message parser. It is possible that a remote attacker could send carefully crafted data to a vulnerable client and lead to a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0785 to this issue. A shell escape bug has been found in the Gaim smiley theme file installation. When a user installs a smiley theme, which is contained within a tar file, the unarchiving of the data is done in an unsafe manner. An attacker could create a malicious smiley theme that would execute arbitrary commands if the theme was installed by the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0784 to this issue. An integer overflow bug has been found in the Gaim Groupware message receiver. It is possible that if a user connects to a malicious server, an attacker could send carefully crafted data which could lead to arbitrary code execution on the victims machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0754 to this issue. Users of Gaim are advised to upgrade to this updated package which contains Gaim version 0.82 and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. Use Red Hat Network to download and update your packages. To launch the Red Hat Update Agent, use the following command: up2date For information on how to install packages manually, refer to the following Web page for the System Administration or Customization guide specific to your system: http://www.redhat.com/docs/manuals/enterprise/ 5. Bug IDs fixed (http://bugzilla.redhat.com/ for more info): 126842 - CAN-2004-0500 Gaim MSN protocol vulnerabilities |
Original Source
| Url : https://rhn.redhat.com/errata/RHSA-2004-400.html |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10008 | |||
| Oval ID: | oval:org.mitre.oval:def:10008 | ||
| Title: | The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. | ||
| Description: | The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0784 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10220 | |||
| Oval ID: | oval:org.mitre.oval:def:10220 | ||
| Title: | Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages. | ||
| Description: | Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0754 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:10907 | |||
| Oval ID: | oval:org.mitre.oval:def:10907 | ||
| Title: | Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder. | ||
| Description: | Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0785 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:9429 | |||
| Oval ID: | oval:org.mitre.oval:def:9429 | ||
| Title: | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. | ||
| Description: | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0500 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-12 (gaim) File : nvt/glsa_200408_12.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200408-27 (Gaim) File : nvt/glsa_200408_27.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim3.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim4.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim5.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim6.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim8.nasl |
| 0000-00-00 | Name : Slackware Advisory SSA:2004-239-01 gaim File : nvt/esoft_slk_ssa_2004_239_01.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 9263 | Gaim RTF Message Overflow A remote overflow exists in Gaim. Gaim fails to preform bounds checking when receiving RichTextFormat messages resulting in a buffer overflow. With a specially crafted RTF message, an attacker could execute arbitrary commands resulting in a loss of integrity. |
| 9262 | Gaim Local Hostname Resolution Overflow A remote overflow exists in Gaim. Gaim fails to check the length of the destination buffer, when receiveing a reply to a DNS lookup of the local host name resulting in a buffer overflow. With a specially crafted request, an attacker can compromise the system resulting in a loss of integrity. |
| 9261 | Gaim URL Decode Overflow A remote overflow exists in Gaim. Gaim fails to check that a received URL is shorter than 2048 bytes resulting in a buffer overflow. With a specially crafted request, an attacker can compromise the system resulting in a loss of integrity. |
| 9260 | Gaim Groupware Message Receive Overflow A remote overflow exists in Gaim. Gaim fails to check integer length resulting in a buffer overflow. With a specially crafted request, an attacker running a malicious groupware server can execute arbitrary commands on a gaim client resulting in a loss of integrity. |
| 9259 | Gaim Smiley Theme Installation Escape Issue |
| 8962 | Gaim msn_import_html() Function Overflow A local overflow exists in gaim. The issue is due to unbounded recursive msn_import_html() function calls resulting in a stack overflow. With a specially crafted request, an attacker can cause the application to crash or execute arbitrary code resulting in a loss of availability or integrity. |
| 8961 | Gaim encode_spaces() Function Overflow A local overflow exists in gaim. The encode_spaces() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 8382 | Gaim msn_slp_sip_recv() Function Overflow A local overflow exists in gaim. The msn_slp_sip_recv() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5b8f9a02ec9311d8b913000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_4260eacb26b811d99289000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_635bf5f426b711d99289000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_e16293f026b711d99289000c41e2cdad.nasl - Type : ACT_GATHER_INFO |
| 2004-10-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-110.nasl - Type : ACT_GATHER_INFO |
| 2004-09-09 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-400.nasl - Type : ACT_GATHER_INFO |
| 2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-12.nasl - Type : ACT_GATHER_INFO |
| 2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200408-27.nasl - Type : ACT_GATHER_INFO |
| 2004-08-26 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-278.nasl - Type : ACT_GATHER_INFO |
| 2004-08-26 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-279.nasl - Type : ACT_GATHER_INFO |
| 2004-08-22 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-081.nasl - Type : ACT_GATHER_INFO |
| 2004-08-12 | Name : The remote host is missing a vendor-supplied security patch File : suse_SA_2004_025.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:48:35 |
|
