Gaim Remote URI Handling Buffer Overflow Vulnerability
BID:13590
Info
Gaim Remote URI Handling Buffer Overflow Vulnerability
| Bugtraq ID: | 13590 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-1261 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2005 12:00AM |
| Updated: | Dec 22 2006 12:04AM |
| Credit: | Stu Tomlinson is credited with the discovery of this vulnerability. |
| Vulnerable: |
Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 SuSE SUSE Linux Enterprise Server 8 SuSE SUSE Linux Enterprise Server 7 SuSE Linux Openexchange Server SuSE Linux Enterprise Server 9 SuSE Linux Desktop 1.0 SuSE Linux 8.1 SuSE Linux 8.0 i386 SuSE Linux 8.0 SuSE Linux 7.3 sparc SuSE Linux 7.3 ppc SuSE Linux 7.3 i386 SuSE Linux 7.3 SuSE Linux 7.2 i386 SuSE Linux 7.2 SuSE Linux 7.1 x86 SuSE Linux 7.1 sparc SuSE Linux 7.1 ppc SuSE Linux 7.1 alpha SuSE Linux 7.1 SuSE Linux 7.0 sparc SuSE Linux 7.0 ppc SuSE Linux 7.0 i386 SuSE Linux 7.0 alpha SuSE Linux 7.0 SuSE Linux 6.4 ppc SuSE Linux 6.4 i386 SuSE Linux 6.4 alpha SuSE Linux 6.4 SuSE Linux 6.3 ppc SuSE Linux 6.3 alpha SuSE Linux 6.3 SuSE Linux 6.2 SuSE Linux 6.1 alpha SuSE Linux 6.1 SuSE Linux 6.0 SuSE Linux 5.3 SuSE Linux 5.2 SuSE Linux 5.1 SuSE Linux 5.0 SuSE Linux 4.4.1 SuSE Linux 4.4 SuSE Linux 4.3 SuSE Linux 4.2 SuSE Linux 4.0 SuSE Linux 3.0 SuSE Linux 2.0 SuSE Linux 1.0 SGI ProPack 3.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SuSE eMail Server III S.u.S.E. SuSE eMail Server 3.1 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Professional 7.3 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Office Server S.u.S.E. Linux IMAP Server 1.0 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Database Server 0 S.u.S.E. Linux Connectivity Server Rob Flynn Gaim 1.2.1 Rob Flynn Gaim 1.2 Rob Flynn Gaim 1.1.4 Rob Flynn Gaim 1.1.3 Rob Flynn Gaim 1.1.2 Rob Flynn Gaim 1.1.1 Rob Flynn Gaim 1.0.2 Rob Flynn Gaim 1.0.1 Rob Flynn Gaim 1.0 Rob Flynn Gaim 0.82.1 Rob Flynn Gaim 0.82 Rob Flynn Gaim 0.78 Rob Flynn Gaim 0.75 Rob Flynn Gaim 0.74 Rob Flynn Gaim 0.73 Rob Flynn Gaim 0.72 Rob Flynn Gaim 0.71 Rob Flynn Gaim 0.70 Rob Flynn Gaim 0.69 Rob Flynn Gaim 0.68 Rob Flynn Gaim 0.67 Rob Flynn Gaim 0.66 Rob Flynn Gaim 0.65 Rob Flynn Gaim 0.64 Rob Flynn Gaim 0.63 Rob Flynn Gaim 0.62 Rob Flynn Gaim 0.61 Rob Flynn Gaim 0.60 Rob Flynn Gaim 0.59.1 Rob Flynn Gaim 0.59 Rob Flynn Gaim 0.58 Rob Flynn Gaim 0.57 Rob Flynn Gaim 0.56 Rob Flynn Gaim 0.55 Rob Flynn Gaim 0.54 Rob Flynn Gaim 0.53 Rob Flynn Gaim 0.52 Rob Flynn Gaim 0.51 Rob Flynn Gaim 0.50 Rob Flynn Gaim 0.10.3 Rob Flynn Gaim 0.10 x Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core2 Redhat Fedora Core1 Mandriva Linux Mandrake 10.2 x86_64 Mandriva Linux Mandrake 10.2 |
| Not Vulnerable: |
Rob Flynn Gaim 1.3 .0 |
Discussion
Gaim Remote URI Handling Buffer Overflow Vulnerability
Gaim is susceptible to a remote buffer-overflow vulnerability when handling long URIs. This issue is due to the application's failure to properly bounds-check user-supplied input data before copying it to a fixed-size stack buffer.
Due to Gaim's multiple protocol support and to the nature of the differing IM protocols, only some of the IM networks are reported vulnerable (because of the message-length limits imposed by the IM networks). Currently, the Jabber and SILC IM network protocols are known to be vulnerable. Other protocols may also be affected.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.
Gaim versions prior to 1.3.0 are vulnerable to this issue.
Gaim is susceptible to a remote buffer-overflow vulnerability when handling long URIs. This issue is due to the application's failure to properly bounds-check user-supplied input data before copying it to a fixed-size stack buffer.
Due to Gaim's multiple protocol support and to the nature of the differing IM protocols, only some of the IM networks are reported vulnerable (because of the message-length limits imposed by the IM networks). Currently, the Jabber and SILC IM network protocols are known to be vulnerable. Other protocols may also be affected.
This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.
Gaim versions prior to 1.3.0 are vulnerable to this issue.
Exploit / POC
Gaim Remote URI Handling Buffer Overflow Vulnerability
The following denial of service proof of concept is available:
The following denial of service proof of concept is available:
Solution / Fix
Gaim Remote URI Handling Buffer Overflow Vulnerability
Solution:
Vendor upgrades are available. Please see the referenced advisories for more information.
Rob Flynn Gaim 0.10 x
Rob Flynn Gaim 0.50
Rob Flynn Gaim 0.51
Rob Flynn Gaim 0.52
Rob Flynn Gaim 0.53
Rob Flynn Gaim 0.54
Rob Flynn Gaim 0.55
Rob Flynn Gaim 0.56
Rob Flynn Gaim 0.59
Rob Flynn Gaim 0.59.1
Rob Flynn Gaim 0.60
Rob Flynn Gaim 0.61
Rob Flynn Gaim 0.62
Rob Flynn Gaim 0.63
Rob Flynn Gaim 0.64
Rob Flynn Gaim 0.65
Rob Flynn Gaim 0.70
Rob Flynn Gaim 0.71
Rob Flynn Gaim 0.73
Rob Flynn Gaim 0.74
Rob Flynn Gaim 0.75
Rob Flynn Gaim 0.82
Rob Flynn Gaim 0.82.1
Rob Flynn Gaim 1.0.2
Rob Flynn Gaim 1.1.3
Rob Flynn Gaim 1.1.4
Rob Flynn Gaim 1.2
Solution:
Vendor upgrades are available. Please see the referenced advisories for more information.
Rob Flynn Gaim 0.10 x
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.50
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.51
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.52
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.53
-
RedHat gaim-1.5.0-0.73.1.legacy.i386.rpm
Red Hat Linux 7.3:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gaim-1.5.0-0. 73.1.legacy.i386.rpm -
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.54
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.55
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.56
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.59
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.59.1
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.60
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.61
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.62
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.63
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.64
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.65
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.70
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.71
-
RedHat gaim-1.5.0-1.fc1.1.legacy.i386.rpm
Fedora Core 1:
http://download.fedoralegacy.org/fedora/1/updates/i386/gaim-1.5.0-1.fc 1.1.legacy.i386.rpm -
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.73
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.74
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.75
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.82
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 0.82.1
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 1.0.2
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 1.1.3
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
Rob Flynn Gaim 1.1.4
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download -
Ubuntu gaim-data_1.1.4-1ubuntu4.1_all.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-data_1.1.4-1ub untu4.1_all.deb -
Ubuntu gaim-dev_1.1.4-1ubuntu4.1_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubu ntu4.1_amd64.deb -
Ubuntu gaim-dev_1.1.4-1ubuntu4.1_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubu ntu4.1_i386.deb -
Ubuntu gaim-dev_1.1.4-1ubuntu4.1_ia64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubu ntu4.1_ia64.deb -
Ubuntu gaim-dev_1.1.4-1ubuntu4.1_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim-dev_1.1.4-1ubu ntu4.1_powerpc.deb -
Ubuntu gaim_1.1.4-1ubuntu4.1_amd64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4 .1_amd64.deb -
Ubuntu gaim_1.1.4-1ubuntu4.1_i386.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4 .1_i386.deb -
Ubuntu gaim_1.1.4-1ubuntu4.1_ia64.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4 .1_ia64.deb -
Ubuntu gaim_1.1.4-1ubuntu4.1_powerpc.deb
Ubuntu 5.04 (Hoary Hedgehog)
http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.1.4-1ubuntu4 .1_powerpc.deb
Rob Flynn Gaim 1.2
-
Rob Flynn gaim-1.3.0.tar.gz
http://prdownloads.sourceforge.net/gaim/gaim-1.3.0.tar.gz?download
References
Gaim Remote URI Handling Buffer Overflow Vulnerability
References:
References:
- CLSA-2005:964 : gaim (Conectiva)
- Project Homepage (Gaim)
- Remote crash on some protocols (Gaim)
- RHSA-2005:429-06 - gaim security update (RedHat)
- Gaim 1.2.1 -- PoC Stack Overflow (Ron
)