Gentoo Archives: gentoo-announce

From: Sune Kloppenborg Jeppesen <jaervosz@g.o>
To: gentoo-announce@l.g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200505-09 ] Gaim: Denial of Service and buffer overflow vulnerabilties
Date: Thu, 12 May 2005 04:30:50
Message-Id: 200505120630.50077.jaervosz@gentoo.org
1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2 Gentoo Linux Security Advisory GLSA 200505-09
3 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4 http://security.gentoo.org/
5 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7 Severity: High
8 Title: Gaim: Denial of Service and buffer overflow vulnerabilties
9 Date: May 12, 2005
10 Bugs: #91862
11 ID: 200505-09
12
13 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15 Synopsis
16 ========
17
18 Gaim contains two vulnerabilities, potentially resulting in the
19 execution of arbitrary code or Denial of Service.
20
21 Background
22 ==========
23
24 Gaim is a full featured instant messaging client which handles a
25 variety of instant messaging protocols.
26
27 Affected packages
28 =================
29
30 -------------------------------------------------------------------
31 Package / Vulnerable / Unaffected
32 -------------------------------------------------------------------
33 1 net-im/gaim < 1.3.0 >= 1.3.0
34
35 Description
36 ===========
37
38 Stu Tomlinson discovered that Gaim is vulnerable to a remote stack
39 based buffer overflow when receiving messages in certain protocols,
40 like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe
41 Tolsma discovered that Gaim is also vulnerable to a remote Denial of
42 Service attack when receiving a specially crafted MSN message
43 (CAN-2005-1262).
44
45 Impact
46 ======
47
48 A remote attacker could cause a buffer overflow by sending an instant
49 message with a very long URL, potentially leading to the execution of
50 malicious code. By sending a SLP message with an empty body, a remote
51 attacker could cause a Denial of Service or crash of the Gaim client.
52
53 Workaround
54 ==========
55
56 There are no known workarounds at this time.
57
58 Resolution
59 ==========
60
61 All Gaim users should upgrade to the latest version:
62
63 # emerge --sync
64 # emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.0"
65
66 References
67 ==========
68
69 [ 1 ] CAN-2005-1261
70 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261
71 [ 2 ] CAN-2005-1262
72 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262
73
74 Availability
75 ============
76
77 This GLSA and any updates to it are available for viewing at
78 the Gentoo Security Website:
79
80 http://security.gentoo.org/glsa/glsa-200505-09.xml
81
82 Concerns?
83 =========
84
85 Security is a primary focus of Gentoo Linux and ensuring the
86 confidentiality and security of our users machines is of utmost
87 importance to us. Any security concerns should be addressed to
88 security@g.o or alternatively, you may file a bug at
89 http://bugs.gentoo.org.
90
91 License
92 =======
93
94 Copyright 2005 Gentoo Foundation, Inc; referenced text
95 belongs to its owner(s).
96
97 The contents of this document are licensed under the
98 Creative Commons - Attribution / Share Alike license.
99
100 http://creativecommons.org/licenses/by-sa/2.0