Gaim Remote Buffer Overflow Vulnerability
BID:1948
Info
Gaim Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 1948 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2000-1172 |
| Remote: | Yes |
| Local: | Yes |
| Published: | Nov 10 2000 12:00AM |
| Updated: | Jul 11 2009 03:56AM |
| Credit: | Reported to bugtraq by Stan Bubrouski <[email protected]> on November 9, 2000. |
| Vulnerable: |
Rob Flynn Gaim 0.10.3 Rob Flynn Gaim 0.10 x |
| Not Vulnerable: | |
Discussion
Gaim Remote Buffer Overflow Vulnerability
Gaim is an interactive chat client which supports AOL's Instant Messenger service, and runs on a number of Unix-based platforms.
When set to use the OSCAR protocol, 0.10.x versions of the Gaim client up to and including 0.10.3 fail to properly size-check embedded HTML tags in received messages. Such tags, if made by an attacker to exceed approximately 4100 characters, can create a buffer overflow condition. As a result, the excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user it can be crafted in such a way that it alters the program's flow of execution. If properly exploited, this can yield root privileges to the attacker.
For a number of reasons it is believed that this vulnerability is quite difficult to exploit. See Stan Bubrouski's ([email protected]) message in the reference section for details.
Gaim is an interactive chat client which supports AOL's Instant Messenger service, and runs on a number of Unix-based platforms.
When set to use the OSCAR protocol, 0.10.x versions of the Gaim client up to and including 0.10.3 fail to properly size-check embedded HTML tags in received messages. Such tags, if made by an attacker to exceed approximately 4100 characters, can create a buffer overflow condition. As a result, the excessive data copied onto the stack can overwrite critical parts of the stack frame such as the calling functions' return address. Since this data is supplied by the user it can be crafted in such a way that it alters the program's flow of execution. If properly exploited, this can yield root privileges to the attacker.
For a number of reasons it is believed that this vulnerability is quite difficult to exploit. See Stan Bubrouski's ([email protected]) message in the reference section for details.
Exploit / POC
Gaim Remote Buffer Overflow Vulnerability
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Currently the SecurityFocus staff are not aware of any publicly available exploits for this vulnerability. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Gaim Remote Buffer Overflow Vulnerability
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].