Vulnerabilities > CVE-2004-0500 - MSN Protocol Buffer Overflow vulnerability in Gaim
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
Vulnerable Configurations
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2004-278.NASL description 0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 14373 published 2004-08-26 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14373 title Fedora Core 1 : gaim-0.82-0.FC1 (2004-278) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-278. # include("compat.inc"); if (description) { script_id(14373); script_version ("1.21"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-0500", "CVE-2004-0754", "CVE-2004-0784", "CVE-2004-0785", "CVE-2004-2589"); script_xref(name:"FEDORA", value:"2004-278"); script_name(english:"Fedora Core 1 : gaim-0.82-0.FC1 (2004-278)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-August/000270.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ddb24056" ); script_set_attribute( attribute:"solution", value:"Update the affected gaim and / or gaim-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC1", reference:"gaim-0.82-0.FC1")) flag++; if (rpm_check(release:"FC1", reference:"gaim-debuginfo-0.82-0.FC1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gaim / gaim-debuginfo"); }NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_5B8F9A02EC9311D8B913000C41E2CDAD.NASL description Sebastian Krahmer discovered several remotely exploitable buffer overflow vulnerabilities in the MSN component of gaim. In two places in the MSN protocol plugins (object.c and slp.c), strncpy was used incorrectly; the size of the array was not checked before copying to it. Both bugs affect MSN last seen 2020-06-01 modified 2020-06-02 plugin id 36550 published 2009-04-23 reporter This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/36550 title FreeBSD : gaim remotely exploitable vulnerabilities in MSN component (5b8f9a02-ec93-11d8-b913-000c41e2cdad) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2004-400.NASL description An updated gaim package that fixes several security issues is now available. Gaim is an instant messenger client that can handle multiple protocols. Buffer overflow bugs were found in the Gaim MSN protocol handler. In order to exploit these bugs, an attacker would have to perform a man in the middle attack between the MSN server and the vulnerable Gaim client. Such an attack could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0500 to this issue. Buffer overflow bugs have been found in the Gaim URL decoder, local hostname resolver, and the RTF message parser. It is possible that a remote attacker could send carefully crafted data to a vulnerable client and lead to a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0785 to this issue. A shell escape bug has been found in the Gaim smiley theme file installation. When a user installs a smiley theme, which is contained within a tar file, the unarchiving of the data is done in an unsafe manner. An attacker could create a malicious smiley theme that would execute arbitrary commands if the theme was installed by the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0784 to this issue. An integer overflow bug has been found in the Gaim Groupware message receiver. It is possible that if a user connects to a malicious server, an attacker could send carefully crafted data which could lead to arbitrary code execution on the victims machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0754 to this issue. Users of Gaim are advised to upgrade to this updated package which contains Gaim version 0.82 and is not vulnerable to these issues. last seen 2020-06-01 modified 2020-06-02 plugin id 14696 published 2004-09-09 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14696 title RHEL 3 : gaim (RHSA-2004:400) NASL family FreeBSD Local Security Checks NASL id FREEBSD_GAIM_081.NASL description The following package needs to be updated: gaim last seen 2016-09-26 modified 2004-08-12 plugin id 14267 published 2004-08-12 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=14267 title FreeBSD : gaim remotely exploitable vulnerabilities in MSN component (53) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200408-27.NASL description The remote host is affected by the vulnerability described in GLSA-200408-27 (Gaim: New vulnerabilities) Gaim fails to do proper bounds checking when: Handling MSN messages (partially fixed with GLSA 200408-12). Handling rich text format messages. Resolving local hostname. Receiving long URLs. Handling groupware messages. Allocating memory for webpages with fake content-length header. Furthermore Gaim fails to escape filenames when using drag and drop installation of smiley themes. Impact : These vulnerabilities could allow an attacker to crash Gaim or execute arbitrary code or commands with the permissions of the user running Gaim. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Gaim. last seen 2020-06-01 modified 2020-06-02 plugin id 14583 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/14583 title GLSA-200408-27 : Gaim: New vulnerabilities NASL family Mandriva Local Security Checks NASL id MANDRAKE_MDKSA-2004-081.NASL description Sebastian Krahmer discovered two remotely exploitable buffer overflow vulnerabilities in the gaim instant messenger. The updated packages are patched to correct the problems. last seen 2020-06-01 modified 2020-06-02 plugin id 14330 published 2004-08-22 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14330 title Mandrake Linux Security Advisory : gaim (MDKSA-2004:081) NASL family Fedora Local Security Checks NASL id FEDORA_2004-279.NASL description 0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 14374 published 2004-08-26 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14374 title Fedora Core 2 : gaim-0.82-0.FC2 (2004-279) NASL family SuSE Local Security Checks NASL id SUSE_SA_2004_025.NASL description The remote host is missing the patch for the advisory SUSE-SA:2004:025 (gaim). Gaim is an instant messaging client which supports a wide range of protocols. Sebastian Krahmer of the SuSE Security Team discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code. Remote attackers can execute arbitrary code as the user running the gaim client. The vulnerable code exists in SUSE Linux 9.1 only. last seen 2020-06-01 modified 2020-06-02 plugin id 14264 published 2004-08-12 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14264 title SUSE-SA:2004:025: gaim NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200408-12.NASL description The remote host is affected by the vulnerability described in GLSA-200408-12 (Gaim: MSN protocol parsing function buffer overflow) Sebastian Krahmer of the SuSE Security Team has discovered a remotely exploitable buffer overflow vulnerability in the code handling MSN protocol parsing. Impact : By sending a carefully-crafted message, an attacker may execute arbitrary code with the permissions of the user running Gaim. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Gaim. last seen 2020-06-01 modified 2020-06-02 plugin id 14568 published 2004-08-30 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/14568 title GLSA-200408-12 : Gaim: MSN protocol parsing function buffer overflow
Oval
| accepted | 2013-04-29T04:19:21.639-04:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. | ||||||||
| family | unix | ||||||||
| id | oval:org.mitre.oval:def:9429 | ||||||||
| status | accepted | ||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||
| title | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. | ||||||||
| version | 26 |
Redhat
| advisories |
|
References
- http://gaim.sourceforge.net/security/?id=0
- http://www.fedoranews.org/updates/FEDORA-2004-278.shtml
- http://www.fedoranews.org/updates/FEDORA-2004-279.shtml
- http://www.gentoo.org/security/en/glsa/glsa-200408-12.xml
- http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml
- http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:081
- http://www.novell.com/linux/security/advisories/2004_25_gaim.html
- http://www.redhat.com/support/errata/RHSA-2004-400.html
- http://www.securityfocus.com/bid/10865
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16920
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9429