Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Gentoo Local Security Checks --> Category: infos

[GLSA-200505-09] Gaim: Denial of Service and buffer overflow vulnerabilties Vulnerability Scan

Vulnerability Scan Summary
Gaim: Denial of Service and buffer overflow vulnerabilties

Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200505-09
(Gaim: Denial of Service and buffer overflow vulnerabilties)

Stu Tomlinson discovered that Gaim is vulnerable to a remote stack
based buffer overflow when receiving messages in certain protocols,
like Jabber and SILC, with a very long URL (CVE-2005-1261). Siebe
Tolsma discovered that Gaim is also vulnerable to a remote Denial of
Service attack when receiving a specially crafted MSN message


A remote attacker could cause a buffer overflow by sending an
instant message with a very long URL, potentially leading to the
execution of malicious code. By sending a SLP message with an empty
body, a remote attacker could cause a Denial of Service or crash of the
Gaim client.


There are no known workarounds at this time.


All Gaim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0"

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.