Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0966

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2005-0966
Last Modified 21 Aug 2010 12:27:21
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0966

Summary

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

Vulnerable Systems

Application

  • Rob Flynn Gaim 1.2.0


References

CONFIRM - http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750

SECUNIA - 14815

XF - gaim-ircmsginvite-dos(19939)

XF - gaim-irc-plugin-bo(19937)

BUGTRAQ - 20050401 multiple remote denial of service vulnerabilities in Gaim

CONFIRM - http://gaim.sourceforge.net/security/index.php?id=14

BID - 13003

FEDORA - FLSA:158543

REDHAT - RHSA-2005:365

SUSE - SUSE-SA:2005:036

MANDRAKE - MDKSA-2005:071


Last Updated: 27 May 2016 10:39:58