Debian 3.0 DSA 434-1 Critical: Gaim Remote Exploits Advisory
debian
February 6, 2004
Stefan Esser discovered several security related problems in Gaim, a multi-protocol instant messaging client.
Topics Covered
Summary
Stefan Esser discovered several security related problems in Gaim, a
multi-protocol instant messaging client. Not all of them are
applicable for the version in Debian stable, but affected the version
in the unstable distribution at least. The problems were grouped for
the Common Vulnerabilities and Exposures as follows:
CAN-2004-0005
When the Yahoo Messenger handler decodes an octal value for email
notification functions two different kinds of overflows can be
triggered. When the MIME decoder decoded a quoted printable
encoded string for email notification two other different kinds of
overflows can be triggered. These problems only affect the
version in the unstable distribution.
CAN-2004-0006
When parsing the cookies within the HTTP reply header of a Yahoo
web connection a buffer overflow can happen. When parsing the
Yahoo Login Webpage the YMSG protocol overflows stack buffers if
the web page returns oversized values. When splitting an URL into
its...
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: gaim
CVE ID: CAN-2004-0005 CAN-2004-0006 CAN-2004-0007 CAN-2004-0008
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!