
[linux-security] remote exploits in gaim



Topic
=====
remotely exploitable bugs in gaim

Problem Description
===================
Gaim is a multi-protocol instant-messaging client. A security audit
found 12 vulnerabilities in gaim that can lead to a remote system
compromise with the privileges of the user running gaim.

Multiple buffer overflows exist in gaim 0.75 and earlier:
- when parsing cookies in a Yahoo web connection
- YMSG protocol overflows when parsing the Yahoo login webpage
- a YMSG packet overflow
- flaws in the URL parser
- flaws in the HTTP Proxy connect

In gaim 0.74 and earlier:
- a buffer overflow in the Extract Info Field Function used for the MSN
  and YMSG protocol handlers
- an integer overflow when allocating memory for a directIM packet,
  which results in a heap overflow

The Yahoo Packet Parser Overflow vulnerability is easy to exploit and
results in a classic stack overflow which can be used to execute arbitrary
code. The HTTP Proxy Connect Overflow vulnerability requires that the gaim
client use an HTTP proxy under the control of the attacker. Exploitation
of this bug also results in arbitrary code execution.
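
The integer overflow class named above for the directIM packet allocation, shown as an added illustration (not gaim's code and not part of the original advisory): a length taken from the wire wraps when 1 is added in 32-bit arithmetic, so the buffer is undersized while the copy would still use the full length. The 4-byte big-endian length header, `MAX_PAYLOAD` and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PAYLOAD 8192u /* assumed protocol limit, not a gaim constant */

/* Size the unchecked pattern would hand to malloc(): the 32-bit
 * addition wraps, so a wire length of 0xFFFFFFFF yields 0 bytes. */
static uint32_t unchecked_alloc_size(uint32_t wire_len) {
    return wire_len + 1u; /* +1 for the NUL terminator */
}

/* Decode the (assumed) big-endian 32-bit length header. */
static uint32_t read_be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hardened parse: returns a NUL-terminated copy of the payload, or NULL
 * if the packet is short, oversized, or claims more than it carries. */
static char *parse_payload(const unsigned char *pkt, size_t pkt_len,
                           size_t *out_len) {
    if (pkt_len < 4)
        return NULL;
    uint32_t wire_len = read_be32(pkt);
    if (wire_len > MAX_PAYLOAD)    /* bound the length before any arithmetic */
        return NULL;
    if (wire_len > pkt_len - 4)    /* never copy more than was received */
        return NULL;
    char *buf = malloc((size_t)wire_len + 1);
    if (buf == NULL)
        return NULL;
    memcpy(buf, pkt + 4, wire_len);
    buf[wire_len] = '\0';
    *out_len = wire_len;
    return buf;
}

int main(void) {
    /* Constructed sample packet: length 0xFFFFFFFF followed by one byte. */
    const unsigned char hostile[] = { 0xFF, 0xFF, 0xFF, 0xFF, 'A' };
    size_t n = 0;
    printf("unchecked malloc size: %u\n",
           (unsigned)unchecked_alloc_size(read_be32(hostile)));
    printf("hardened parser: %s\n",
           parse_payload(hostile, sizeof hostile, &n) ? "accepted" : "rejected");
    return 0;
}
```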

Affected Systems
================
gaim versions 0.75 and earlier

Solution
========
Upgrade to a patched version for your distribution:

SuSE-8.0
--------
rpm -Fvh gaim-0.50-187.i386.rpm

SuSE-8.1
--------
rpm -Fvh gaim-0.59-158.i586.rpm

SuSE-8.2
--------
rpm -Fvh gaim-0.59.8-60.i586.rpm

SuSE-9.0
--------
rpm -Fvh gaim-0.67-65.i586.rpm

RedHat 7.3 (SFU 1.0)
--------------------
(SFU packages are available from http://www.sfu.ca/acs/security/linux/7.3/RPMS
or via NFS from within the .sfu.ca domain or from sphinx in
/vol/vol0/distrib/sfu/1.0/RPMS)

rpm -Fvh gaim-0.59.8-1.i386.rpm

Remark: this is a recompilation of the SuSE-8.2 rpm under RedHat 7.3.

RedHat 9
--------
rpm -Fvh gaim-0.75-0.9.0.i386.rpm

Mandrake 9.1
------------
rpm -Fvh gaim-0.75-1.1.91mdk.i586.rpm \
         gaim-encrypt-0.75-1.1.91mdk.i586.rpm \
         libgaim-remote0-0.75-1.1.91mdk.i586.rpm \
         libgaim-remote0-devel-0.75-1.1.91mdk.i586.rpm

Mandrake 9.2
------------
rpm -Fvh gaim-0.75-1.1.92mdk.i586.rpm \
         gaim-encrypt-0.75-1.1.92mdk.i586.rpm \
         gaim-festival-0.75-1.1.92mdk.i586.rpm \
         gaim-perl-0.75-1.1.92mdk.i586.rpm \
         libgaim-remote0-0.75-1.1.92mdk.i586.rpm \
         libgaim-remote0-devel-0.75-1.1.92mdk.i586.rpm