Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0891

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0891
Last Modified 21 Aug 2010 12:21:26
Published 27 Jan 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0891

Summary

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

Vulnerable Systems

Operating System

  • Gentoo Linux

  • Gentoo Linux 1.4

  • Slackware Linux 10.0

  • Slackware Linux 9.0

  • Slackware Linux 9.1

  • Slackware Linux Current

  • Ubuntu Linux 4.1

Application

  • Rob Flynn Gaim 0.10

  • Rob Flynn Gaim 0.10.3

  • Rob Flynn Gaim 0.50

  • Rob Flynn Gaim 0.51

  • Rob Flynn Gaim 0.52

  • Rob Flynn Gaim 0.53

  • Rob Flynn Gaim 0.54

  • Rob Flynn Gaim 0.55

  • Rob Flynn Gaim 0.56

  • Rob Flynn Gaim 0.57

  • Rob Flynn Gaim 0.58

  • Rob Flynn Gaim 0.59

  • Rob Flynn Gaim 0.59.1

  • Rob Flynn Gaim 0.60

  • Rob Flynn Gaim 0.61

  • Rob Flynn Gaim 0.62

  • Rob Flynn Gaim 0.63

  • Rob Flynn Gaim 0.64

  • Rob Flynn Gaim 0.65

  • Rob Flynn Gaim 0.66

  • Rob Flynn Gaim 0.67

  • Rob Flynn Gaim 0.68

  • Rob Flynn Gaim 0.69

  • Rob Flynn Gaim 0.70

  • Rob Flynn Gaim 0.71

  • Rob Flynn Gaim 0.72

  • Rob Flynn Gaim 0.73

  • Rob Flynn Gaim 0.74

  • Rob Flynn Gaim 0.75

  • Rob Flynn Gaim 0.78

  • Rob Flynn Gaim 0.82

  • Rob Flynn Gaim 0.82.1

  • Rob Flynn Gaim 1.0

  • Rob Flynn Gaim 1.0.1


References

FEDORA - FLSA:2188

XF - gaim-file-transfer-dos(17790)

XF - gaim-msn-slp-dos(17787)

XF - gaim-msn-slp-bo(17786)

REDHAT - RHSA-2004:604

GENTOO - GLSA-200410-23

CONFIRM - http://gaim.sourceforge.net/security/?id=9

UBUNTU - USN-8-1


Last Updated: 27 May 2016 10:38:48