Vulnerabilities > CVE-2004-0754 - Integer overflow in Rob Flynn Gaim (GroupWise/Groupware server message handling, fixed in Gaim 0.82)

047910
CVSS 0.0 - NONE (no base score is populated in this record; the Fedora Nessus plugin below carries the advisory-wide CVSS2 vector AV:N/AC:L/Au:N/C:P/I:P/A:P, which covers all five CVEs fixed by the same update, not this CVE alone)
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
rob-flynn
nessus

Summary

Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages. In practice the attacker must control, or sit in the path of, the GroupWise server the client connects to: the overflowed size field is taken from server-sent messages and results in a heap buffer overflow in the client (see the Red Hat and FreeBSD advisory text below). The fix is to upgrade to Gaim 0.82 or later; no workaround short of not connecting to untrusted GroupWise servers is documented.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-278.NASL
    description0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id14373
    published2004-08-26
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14373
    titleFedora Core 1 : gaim-0.82-0.FC1 (2004-278)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-278.
    #
    # Plugin 14373: local (credentialed) package-version check for the
    # gaim 0.82 update on Fedora Core 1.  It does not probe a running Gaim
    # process or send any GroupWise/MSN traffic; it only compares the
    # installed RPM versions against the advisory's reference packages.
    
    include("compat.inc");
    
    # Registration pass: when the scanner loads the plugin with
    # `description` set, only metadata is recorded and the script exits
    # before any host checks run.
    if (description)
    {
      script_id(14373);
      script_version ("1.21");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # One advisory fixes five CVEs.  A hit from this plugin therefore
      # means "FEDORA-2004-278 is missing", not that any individual CVE
      # (e.g. CVE-2004-0754, the GroupWise integer overflow) was exercised.
      script_cve_id("CVE-2004-0500", "CVE-2004-0754", "CVE-2004-0784", "CVE-2004-0785", "CVE-2004-2589");
      script_xref(name:"FEDORA", value:"2004-278");
    
      script_name(english:"Fedora Core 1 : gaim-0.82-0.FC1 (2004-278)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # Description text is copied verbatim from the Fedora advisory; it
      # carries no per-CVE detail (see the RHSA-2004:400 text for that).
      script_set_attribute(
        attribute:"description", 
        value:
    "0.82 update contains many bug and security improvements.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-August/000270.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ddb24056"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected gaim and / or gaim-debuginfo packages."
      );
      # Aggregate CVSS2 vector for the whole advisory (network vector, low
      # complexity, no authentication, partial C/I/A).  It is not a per-CVE
      # score.  NOTE(review): the RHSA text for this update says the MSN
      # and GroupWise bugs need the client to talk to a malicious or
      # man-in-the-middle server, so the effective exposure of a given
      # host may be lower than this vector suggests.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      # Local check: results depend on the scanner having credentialed
      # access to the host, not on anything observable over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/08/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # Facts gathered over SSH by ssh_get_info.nasl: local checks enabled,
      # a Red Hat-style release banner and the installed RPM list.  Without
      # all three the plugin never reaches the package comparison.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Detection pass.  Each audit() below records why the host could not be
    # evaluated; it is expected to terminate the script (otherwise a NULL
    # release string would reach eregmatch a few lines down) - confirm
    # against audit.inc if in doubt.  None of these paths reports a hole.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Pull the major version out of the banner (e.g. "Fedora Core release 1")
    # and require it to be exactly 1; the advisory is FC1-specific.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only i386-family and x86_64 hosts are evaluated; any other
    # architecture is skipped (reported as "not implemented"), not flagged.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare each installed gaim package against the advisory's reference
    # version.  No cpu: argument is passed to rpm_check, so presumably the
    # comparison is the same for every architecture admitted above.
    flag = 0;
    if (rpm_check(release:"FC1", reference:"gaim-0.82-0.FC1")) flag++;
    if (rpm_check(release:"FC1", reference:"gaim-debuginfo-0.82-0.FC1")) flag++;
    
    
    # At least one package is older than the fixed version: report a
    # host-level hole (port 0).  With verbose reporting, attach the
    # per-package version comparison so the finding can be checked by hand.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    # No vulnerable package: distinguish "gaim present and up to date" from
    # "gaim not installed" so the audit message is accurate.
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gaim / gaim-debuginfo");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2004-400.NASL
    descriptionAn updated gaim package that fixes several security issues is now available. Gaim is an instant messenger client that can handle multiple protocols. Buffer overflow bugs were found in the Gaim MSN protocol handler. In order to exploit these bugs, an attacker would have to perform a man-in-the-middle attack between the MSN server and the vulnerable Gaim client. Such an attack could allow arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0500 to this issue. Buffer overflow bugs have been found in the Gaim URL decoder, local hostname resolver, and the RTF message parser. It is possible that a remote attacker could send carefully crafted data to a vulnerable client and lead to a crash or arbitrary code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0785 to this issue. A shell escape bug has been found in the Gaim smiley theme file installation. When a user installs a smiley theme, which is contained within a tar file, the unarchiving of the data is done in an unsafe manner. An attacker could create a malicious smiley theme that would execute arbitrary commands if the theme was installed by the victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0784 to this issue. An integer overflow bug has been found in the Gaim Groupware message receiver. It is possible that if a user connects to a malicious server, an attacker could send carefully crafted data which could lead to arbitrary code execution on the victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0754 to this issue. Users of Gaim are advised to upgrade to this updated package which contains Gaim version 0.82 and is not vulnerable to these issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id14696
    published2004-09-09
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14696
    titleRHEL 3 : gaim (RHSA-2004:400)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_E16293F026B711D99289000C41E2CDAD.NASL
    descriptionSean infamous42md reports that a malicious GroupWise messaging server may be able to exploit a heap buffer overflow in gaim, leading to arbitrary code execution.
    last seen2020-06-01
    modified2020-06-02
    plugin id19145
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19145
    titleFreeBSD : gaim -- heap overflow exploitable by malicious GroupWise server (e16293f0-26b7-11d9-9289-000c41e2cdad)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200408-27.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200408-27 (Gaim: New vulnerabilities) Gaim fails to do proper bounds checking when: Handling MSN messages (partially fixed with GLSA 200408-12). Handling rich text format messages. Resolving local hostname. Receiving long URLs. Handling groupware messages. Allocating memory for webpages with fake content-length header. Furthermore Gaim fails to escape filenames when using drag and drop installation of smiley themes. Impact : These vulnerabilities could allow an attacker to crash Gaim or execute arbitrary code or commands with the permissions of the user running Gaim. Workaround : There is no known workaround at this time. All users are encouraged to upgrade to the latest available version of Gaim.
    last seen2020-06-01
    modified2020-06-02
    plugin id14583
    published2004-08-30
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/14583
    titleGLSA-200408-27 : Gaim: New vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-279.NASL
    description0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id14374
    published2004-08-26
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/14374
    titleFedora Core 2 : gaim-0.82-0.FC2 (2004-279)

Oval

accepted2013-04-29T04:03:40.129-04:00
classvulnerability
contributors
  • nameAharon Chernin
    organizationSCAP.com, LLC
  • nameDragos Prisaca
    organizationG2, Inc.
definition_extensions
  • commentThe operating system installed on the system is Red Hat Enterprise Linux 3
    ovaloval:org.mitre.oval:def:11782
  • commentCentOS Linux 3.x
    ovaloval:org.mitre.oval:def:16651
descriptionInteger overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
familyunix
idoval:org.mitre.oval:def:10220
statusaccepted
submitted2010-07-09T03:56:16-04:00
titleInteger overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
version26

Redhat

advisories
rhsa
idRHSA-2004:400