Vulnerability Note VU#404470

Gaim contains an off-by-one buffer overflow vulnerability in the yahoo_decode() function

Overview

There is an off-by-one buffer overflow vulnerability in the Gaim yahoo_decode() function.

I. Description

Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger (YMSG) protocol. There is an off-by-one buffer overflow vulnerability in the yahoo_decode() function. This function fails to properly decode octal values used for email notification functions. By supplying a specially crafted octal value, an unauthenticated, remote attacker may be able to cause a null byte to be overwritten.

II. Impact

An unauthenticated, remote attacker may cause a denial of service or potentially execute code of the attacker's choice.

III. Solution

Upgrade

Upgrade to Gaim version 0.76 or later.

Apply a patch
The maintainers of Gaim have supplied a patch to address this vulnerability.

Systems Affected

Vendor	Status	Date Notified	Date Updated
Gaim	Vulnerable	29-Apr-2004

References

http://security.e-matters.de/advisories/012004.html
http://gaim.sourceforge.net/gaim-0.75.patch
http://www.debian.org/security/2004/dsa-434
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
http://www.secunia.com/advisories/10705/

Credit

This vulnerability was publicly reported by Stefan Esser of e-matters.

This document was written by Damon Morda.

Other Information

Date Public:	2004-01-26
Date First Published:	2004-04-30
Date Last Updated:	2004-05-06
CERT Advisory:
CVE-ID(s):	CAN-2004-0005
NVD-ID(s):	CAN-2004-0005
US-CERT Technical Alerts:
Metric:	7.87
Document Revision:	21

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Get Adobe Reader