Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2004-0005
Last Modified 05 Sep 2008 04:37:16
Published 03 Mar 2004 12:00:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0005

Summary

Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.

Vulnerable Systems


References

CERT-VN - VU#655974

CERT-VN - VU#404470

CERT-VN - VU#226974

CERT-VN - VU#190366

DEBIAN - DSA-434

MISC - http://security.e-matters.de/advisories/012004.html

BUGTRAQ - 20040126 Advisory 01/2004: 12 x Gaim remote overflows

XF - gaim-mime-decoder-oob(14944)

XF - gaim-mime-decoder-bo(14942)

XF - gaim-sscanf-oob(14938)

XF - gaim-yahoodecode-offbyone-bo(14935)

SLACKWARE - SSA:2004-026

SECTRACK - 1008850

OSVDB - 3736

SUSE - SuSE-SA:2004:004

GENTOO - GLSA-200401-04

CONECTIVA - CLA-2004:813


Last Updated: 27 May 2016 10:38:26