Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0006

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-0006
Last Modified 21 Aug 2010 12:19:26
Published 03 Mar 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0006

Summary

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

Vulnerable Systems

Application

  • Rob Flynn Gaim 0.75

  • Ultramagnetic 0.81


References

CERT-VN - VU#871838

CERT-VN - VU#527142

CERT-VN - VU#503030

CERT-VN - VU#444158

CERT-VN - VU#371382

CERT-VN - VU#297198

REDHAT - RHSA-2004:032

CONFIRM - http://ultramagnetic.sourceforge.net/advisories/001.html

MISC - http://security.e-matters.de/advisories/012004.html

REDHAT - RHSA-2004:045

REDHAT - RHSA-2004:033

SUSE - SuSE-SA:2004:004

DEBIAN - DSA-434

GENTOO - GLSA-200401-04

BUGTRAQ - 20040126 Advisory 01/2004: 12 x Gaim remote overflows

SGI - 20040201-01-U

XF - gaim-http-proxy-bo(14947)

XF - gaim-urlparser-bo(14945)

XF - gaim-yahoopacketread-keyname-bo(14943)

XF - gaim-login-value-bo(14941)

XF - gaim-login-name-bo(14940)

XF - gaim-yahoowebpending-cookie-bo(14939)

SLACKWARE - SSA:2004-026

SECTRACK - 1008850

BID - 9489

OSVDB - 3732

OSVDB - 3731

MANDRAKE - MDKSA-2004:006

BUGTRAQ - 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code

CONECTIVA - CLA-2004:813

SGI - 20040202-01-U


Last Updated: 27 May 2016 10:38:26