Posted: Thu Aug 18, 2005 9:47 am Post subject: [ GLSA 200508-06 ] Gaim: Remote execution of arbitrary code
Gentoo Linux Security Advisory
Title: Gaim: Remote execution of arbitrary code (GLSA 200508-06)
Date: August 15, 2005
Gaim is vulnerable to a buffer overflow which could lead to the execution
of arbitrary code or to a Denial of Service.
Gaim is a full-featured instant messaging client which handles a
variety of instant messaging protocols.
Vulnerable: < 1.5.0
Unaffected: >= 1.5.0
Architectures: All supported architectures
Brandon Perry discovered that Gaim is vulnerable to a heap-based
buffer overflow when handling away messages (CAN-2005-2103).
Furthermore, Daniel Atallah discovered a vulnerability in the handling
of file transfers (CAN-2005-2102).
A remote attacker could create a specially crafted away message
which, when viewed by the target user, could lead to the execution of
arbitrary code. Also, an attacker could send a file with a non-UTF8
filename to a user, which would result in a Denial of Service.
There is no known workaround at this time.
All Gaim users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gaim-1.5.0"
Last edited by GLSA on Sun May 12, 2013 4:20 am; edited 5 times in total
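The file-transfer issue above (CAN-2005-2102) is triggered by a filename that is not valid UTF-8. As an added example, not taken from Gaim or from the upstream fix, this is a strict RFC 3629 check a client could run on a peer-supplied filename before using it; the function names and the sample filenames are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not Gaim code): returns 1 if the n bytes at s are
 * well-formed UTF-8, 0 otherwise. Rejects NUL bytes, overlong encodings,
 * UTF-16 surrogates, truncated sequences and code points above U+10FFFF. */
int filename_is_valid_utf8(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        size_t need;            /* continuation bytes that must follow */
        unsigned long cp, min;  /* decoded code point, smallest legal value */

        if (c == 0x00) return 0;
        if (c < 0x80) { i++; continue; }   /* plain ASCII */
        if ((c & 0xE0) == 0xC0)      { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;          /* stray continuation byte or 0xF8..0xFF */

        if (n - i - 1 < need) return 0;    /* sequence runs past the end */
        for (size_t k = 1; k <= need; k++) {
            unsigned char cc = s[i + k];
            if ((cc & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (cc & 0x3F);
        }
        if (cp < min) return 0;                      /* overlong form */
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0;  /* surrogate */
        if (cp > 0x10FFFF) return 0;
        i += need + 1;
    }
    return 1;
}

/* Convenience wrapper for NUL-terminated names. */
int check_name(const char *name)
{
    return filename_is_valid_utf8((const unsigned char *)name, strlen(name));
}

int main(void)
{
    /* Constructed sample filenames: valid UTF-8, then Latin-1 bytes. */
    const char *names[] = { "r\xC3\xA9sum\xC3\xA9.txt", "caf\xE9.txt" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("name %zu: %s\n", i, check_name(names[i]) ? "accept" : "reject");
    return 0;
}
```

A name that fails the check can be refused or converted from a known legacy encoding before it reaches display or logging code.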