A remote overflow exists in the GAIM instant messenger client. GAIM fails to handle malformed input properly, resulting in a heap overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.
Classification
Location: Remote / Network Access
Attack Type: Authentication Management, Input Manipulation, Other
Impact: Loss of Integrity, Loss of Availability
Solution
Upgrade to version 0.76 when available. The FreeBSD security team has released an unofficial patch which also corrects this vulnerability.
Products
Unknown or Incomplete
References
Other Solution URL: http://security.e-matters.de/patches/gaim-0.75-fix.diff