Info

Disclosure

Aug 05, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in gaim. The msn_slp_sip_recv() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Upgrade to version 0.82 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch Gaim has released to address this vulnerability.

Products

Rob Flynn

gaim

0.80

References

Security Tracker: 1010872
Secunia Advisory ID: 12125 12282 12287 12292 12382 12383 13101
ISS X-Force ID: 16920
CVE ID: 2004-0500 (see also: NVD)
Related OSVDB ID: 8961 8962
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0188.html
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000884
http://security.gentoo.org/glsa/glsa-200408-12.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:081
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.375602
http://www.suse.de/de/security/2004_25_gaim.html
Vendor URL: http://gaim.sourceforge.net/
Vendor Specific Solution URL: http://gaim.sourceforge.net/gaim-0.81-2.diff
Vendor Specific Advisory URL: http://gaim.sourceforge.net/security/index.php?id=0

Credit

Sebastian Krahmer - krahmersuse.de - SuSE

Direct URL: http://osvdb.org/8382