Gaim Multiple Remote Boundary Condition Error Vulnerabilities

BID:9489

Info

Gaim Multiple Remote Boundary Condition Error Vulnerabilities

Bugtraq ID: 9489
Class: Boundary Condition Error
CVE: CVE-2004-0006
CVE-2004-0007
CVE-2004-0008
Remote: Yes
Local: No
Published: Jan 26 2004 12:00AM
Updated: Jul 12 2009 02:06AM
Credit: Discovery credited to Stefan Esser.
Vulnerable: Ultramagnetic Ultramagnetic 0.80 Beta
Ultramagnetic Ultramagnetic 0.70 Beta
Ultramagnetic Ultramagnetic 0.65 Beta
Ultramagnetic Ultramagnetic 0.60 Beta
Ultramagnetic Ultramagnetic 0.55 Beta
Ultramagnetic Ultramagnetic 0.50 Beta
Ultramagnetic Ultramagnetic 0.40 Beta
Ultramagnetic Ultramagnetic 0.20 Beta
Ultramagnetic Ultramagnetic 0.10 Beta
Ultramagnetic Ultramagnetic 0.3 Preview Alpha 3
Ultramagnetic Ultramagnetic 0.2 Preview Alpha 2
Ultramagnetic Ultramagnetic 0.1 Preview Alpha 1
SGI ProPack 2.4
SGI ProPack 2.3
Rob Flynn Gaim 0.75
Rob Flynn Gaim 0.74
Rob Flynn Gaim 0.73
Rob Flynn Gaim 0.72
Rob Flynn Gaim 0.71
+ Redhat Fedora Core1
Rob Flynn Gaim 0.70
Rob Flynn Gaim 0.69
Rob Flynn Gaim 0.68
Rob Flynn Gaim 0.67
+ S.u.S.E. Linux Personal 9.0
Rob Flynn Gaim 0.66
Rob Flynn Gaim 0.65
Rob Flynn Gaim 0.64
Rob Flynn Gaim 0.63
Rob Flynn Gaim 0.62
Rob Flynn Gaim 0.61
Rob Flynn Gaim 0.60
Rob Flynn Gaim 0.59.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
Rob Flynn Gaim 0.59
+ Gentoo Linux 0.7
+ Gentoo Linux 0.5
+ HP Secure OS software for Linux 1.0
+ Redhat Linux 9.0 i386
+ Redhat Linux 7.3 i386
+ Redhat Linux 7.3
+ Redhat Linux 7.2 ia64
+ Redhat Linux 7.2 i386
+ Redhat Linux 7.2
+ Redhat Linux 7.1 ia64
+ Redhat Linux 7.1 i386
+ Redhat Linux 7.1 alpha
+ Redhat Linux 7.1
+ S.u.S.E. Linux Personal 8.2
+ Sun Linux 5.0
+ SuSE Linux 8.1
Rob Flynn Gaim 0.58
+ Debian Linux 3.0
Rob Flynn Gaim 0.57
Rob Flynn Gaim 0.56
Rob Flynn Gaim 0.55
Rob Flynn Gaim 0.54
Rob Flynn Gaim 0.53
Rob Flynn Gaim 0.52
Rob Flynn Gaim 0.51
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
Rob Flynn Gaim 0.50
+ SuSE Linux 8.0
Cerulean Studios Trillian Pro 2.0
Cerulean Studios Trillian Pro 1.0
Cerulean Studios Trillian Pro 2.01
Cerulean Studios Trillian 0.725
Cerulean Studios Trillian 0.74
Cerulean Studios Trillian 0.73
Cerulean Studios Trillian 0.71
Not Vulnerable: Ultramagnetic Ultramagnetic 0.81 Beta

Discussion

Gaim Multiple Remote Boundary Condition Error Vulnerabilities

Several vulnerabilities in the handling of YMSG protocol, Oscar protocol, proxy handling, and Gaim utilities have been identified. Because of these issues, it may be possible for a remote attacker to gain unauthorized access to hosts using the vulnerable software.

Exploit / POC

Gaim Multiple Remote Boundary Condition Error Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Gaim Multiple Remote Boundary Condition Error Vulnerabilities

Solution:
SGI has released an advisory 20040202-01-U to address this and other issues in SGI ProPack 2.4. Please see the referenced advisory for more information. Fixes are available below.

SuSE has released advisory SuSE-SA:2004:004 to address these issues. See referenced advisory for further details concerning obtaining fixes.

Ultramagnetic have released an advisory and fixes to address these issues. Further
details can be found in the referenced advisory (Ultramagnetic Advisory #001).

RedHat has released security advisory RHSA-2004:032-01 dealing with this issue.

Advisory MDKSA-2004:006 has been released by Mandrake. See advisory for details concerning obtaining fixes.

Gentoo has released advisory GLSA 200401-04 dealing with this issue. See advisory for details concerning obtaining fixes.

Mandrake has released a revision to the previous advisory MDKSA-2004:006-1. New fixes have been provided.

Debian has released advisory DSA 434-1 to address this issue. See referenced advisory for details concerning obtaining fixes.

RedHat advisory RHSA-2004:045-04 has been released for the Enterprise edition. Users are advised to upgrade immediately. Please see the reference section for more details.

Conectiva advisory CLA-2004:813 has been released dealing with this issue.

SGI has released an advisory 20040201-01-U with a patch to address this
and other issues. Please see the referenced advisory for more
information.

Fedora advisory FEDORA-2004-070 has been released dealing with this issue.

Trillian patches are available for this issue. Trillian Pro users should contact the vendor to obtain fixes.

Fedora Legacy has released advisory FLSA-2004:1237 along with fixes for RedHat Linux dealing with this and other issues. Please see the referenced advisory for more information.


Ultramagnetic Ultramagnetic 0.1 Preview Alpha 1

Ultramagnetic Ultramagnetic 0.10 Beta

Ultramagnetic Ultramagnetic 0.2 Preview Alpha 2

Ultramagnetic Ultramagnetic 0.20 Beta

Ultramagnetic Ultramagnetic 0.3 Preview Alpha 3

Ultramagnetic Ultramagnetic 0.40 Beta

Ultramagnetic Ultramagnetic 0.50 Beta

Rob Flynn Gaim 0.50

Ultramagnetic Ultramagnetic 0.55 Beta

Rob Flynn Gaim 0.58

Rob Flynn Gaim 0.59

Rob Flynn Gaim 0.59.1

Ultramagnetic Ultramagnetic 0.60 Beta

Ultramagnetic Ultramagnetic 0.65 Beta

Rob Flynn Gaim 0.67

Rob Flynn Gaim 0.68

Ultramagnetic Ultramagnetic 0.70 Beta

Cerulean Studios Trillian 0.74

Rob Flynn Gaim 0.75

Ultramagnetic Ultramagnetic 0.80 Beta

SGI ProPack 2.3

SGI ProPack 2.4

References

© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report