Info

Disclosure

Jan 27, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in gaim. Gaim fails to correctly parse some malformed directIM packets, resulting in a heap overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Rumored
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.75 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying the FreeBSD security team's patch.

Products

Gaim

gaim

0.74

References

Other Solution URL: http://security.e-matters.de/patches/gaim-0.75-fix.diff
Secunia Advisory ID: 10705
CVE ID: 2004-0008 (see also: NVD)
Related OSVDB ID: 3730 3731 3732 3733
Vendor URL: http://gaim.sourceforge.net/
Other Advisory URL: http://security.e-matters.de/advisories/012004.html
Vendor Specific Advisory URL: http://sourceforge.net/tracker/index.php?func=detail&aid=885370&group_id=235&atid=100235

Credit

Stefan Esser - sesserhardened-php.net - www.hardened-php.net

Direct URL: http://osvdb.org/3734