|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200505-09] Gaim: Denial of Service and buffer overflow vulnerabilties Vulnerability Scan
Vulnerability Scan Summary
Gaim: Denial of Service and buffer overflow vulnerabilties
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200505-09
(Gaim: Denial of Service and buffer overflow vulnerabilties)
Stu Tomlinson discovered that Gaim is vulnerable to a remote stack
based buffer overflow when receiving messages in certain protocols,
like Jabber and SILC, with a very long URL (CVE-2005-1261). Siebe
Tolsma discovered that Gaim is also vulnerable to a remote Denial of
Service attack when receiving a specially crafted MSN message
(CVE-2005-1262).
Impact
A remote attacker could cause a buffer overflow by sending an
instant message with a very long URL, potentially leading to the
execution of malicious code. By sending a SLP message with an empty
body, a remote attacker could cause a Denial of Service or crash of the
Gaim client.
Workaround
There are no known workarounds at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1261
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1262
Solution:
All Gaim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
