Gaim: Denial of Service and buffer overflow vulnerabilties

1. Gentoo Linux Security Advisory

Advisory Reference	GLSA 200505-09 / gaim
Release Date	May 12, 2005
Latest Revision	May 12, 2005: 01
Impact	high
Exploitable	remote

Package	Vulnerable versions	Unaffected versions	Architecture(s)
net-im/gaim	< 1.3.0	>= 1.3.0	All supported architectures

Related bugreports: #91862

Synopsis

Gaim contains two vulnerabilities, potentially resulting in the execution of arbitrary code or Denial of Service.

2. Impact Information

Background

Gaim is a full featured instant messaging client which handles a variety of instant messaging protocols.

Description

Stu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe Tolsma discovered that Gaim is also vulnerable to a remote Denial of Service attack when receiving a specially crafted MSN message (CAN-2005-1262).

Impact

A remote attacker could cause a buffer overflow by sending an instant message with a very long URL, potentially leading to the execution of malicious code. By sending a SLP message with an empty body, a remote attacker could cause a Denial of Service or crash of the Gaim client.

3. Resolution Information

Workaround

There are no known workarounds at this time.

Resolution

All Gaim users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0"

4. References

Updated May 12, 2005

Summary: This is a Gentoo Linux Security Advisory

Security Team
Contact Address

Donate to support our development efforts.