A local overflow exists in gaim. The msn_slp_sip_recv() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Upgrade to version 0.82 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch Gaim has released to address this vulnerability.

• Security Tracker: 1010872
• Secunia Advisory ID: 12125 12282 12287 12292 12382 12383 13101
• ISS X-Force ID: 16920
• CVE ID: 2004-0500 (see also: NVD)
• Related OSVDB ID: 8961 8962
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0188.html
• Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000884
  http://security.gentoo.org/glsa/glsa-200408-12.xml
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:081
  http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.375602
  http://www.suse.de/de/security/2004_25_gaim.html
• Vendor URL: http://gaim.sourceforge.net/
• Vendor Specific Solution URL: http://gaim.sourceforge.net/gaim-0.81-2.diff
• Vendor Specific Advisory URL: http://gaim.sourceforge.net/security/index.php?id=0

• Sebastian Krahmer - krahmersuse.de - SuSE