Gentoo Logo

Gaim: Denial of Service issues

Content:

1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference GLSA 200504-05 / Gaim
Release Date April 06, 2005
Latest Revision April 06, 2005: 03
Impact low
Exploitable remote
Package Vulnerable versions Unaffected versions Architecture(s)
net-im/gaim < 1.2.1 >= 1.2.1 All supported architectures

Related bugreports: #87903

Synopsis

Gaim contains multiple vulnerabilities that can lead to a Denial of Service.

2.  Impact Information

Background

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Description

Multiple vulnerabilities have been addressed in the latest release of Gaim:

  • A buffer overread in the gaim_markup_strip_html() function, which is used when logging conversations (CAN-2005-0965).
  • Markup tags are improperly escaped using Gaim's IRC plugin (CAN-2005-0966).
  • Sending a specially crafted file transfer request to a Gaim Jabber user can trigger a crash (CAN-2005-0967).

Impact

An attacker could possibly cause a Denial of Service by exploiting any of these vulnerabilities.

3.  Resolution Information

Workaround

There is no known workaround at this time.

Resolution

All Gaim users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.2.1"

4.  References



Print

Page updated April 06, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.