Vulnerability Note VU#444158

Gaim contains a buffer overflow vulnerability in the http_canread() function

Overview

There is a buffer overflow vulnerability in the Gaim http_canread() function, which could allow an unauthenticated, remote attacker to execute arbitrary code.

I. Description

Gaim is a multi-protocol instant messenger available for a number of operating systems. It provides a feature that allows users to configure an HTTP proxy for connecting to the server. There is a buffer overflow vulnerability in the http_canread() function. When parsing data returned by the HTTP proxy server, the http_canread() function fails to perform adequate bounds checking on this data. Exploitation of this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code.

II. Impact

An unauthenticated, remote attacker could execute arbitrary code with the privileges of the vulnerable process.

III. Solution

Upgrade

Upgrade to Gaim version 0.76 or later.
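The kind of bounds check the description refers to, as an added C illustration that is not Gaim's code or its 0.76 fix: a reader that copies an HTTP proxy reply into a fixed buffer one byte at a time and rejects any reply that does not fit. The names mem_stream, read_proxy_header() and check_reply() are hypothetical, and the replies are constructed samples.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the proxy socket: bytes are consumed one at a time. */
struct mem_stream { const char *data; size_t len, pos; };

static int stream_getc(struct mem_stream *s) {
    return s->pos < s->len ? (unsigned char)s->data[s->pos++] : -1;
}

enum hdr_status { HDR_OK = 0, HDR_TOO_LONG = -1, HDR_TRUNCATED = -2 };

/* Read the response header block (ends with CRLF CRLF) into out[0..cap).
 * Each store is preceded by a capacity check that also reserves the NUL;
 * an over-long reply is rejected rather than truncated and parsed. */
enum hdr_status read_proxy_header(struct mem_stream *s, char *out, size_t cap) {
    size_t n = 0;
    int c;
    if (cap == 0) return HDR_TOO_LONG;
    out[0] = '\0';
    while ((c = stream_getc(s)) != -1) {
        if (n + 1 >= cap) {              /* no room for this byte plus the NUL */
            out[0] = '\0';
            return HDR_TOO_LONG;
        }
        out[n++] = (char)c;
        out[n] = '\0';
        if (n >= 4 && memcmp(out + n - 4, "\r\n\r\n", 4) == 0)
            return HDR_OK;
    }
    out[0] = '\0';
    return HDR_TRUNCATED;                /* stream ended before the header did */
}

/* Run the reader over a constructed reply with a buffer of cap bytes (max 64). */
int check_reply(const char *reply, size_t cap) {
    char buf[64];
    struct mem_stream s = { reply, strlen(reply), 0 };
    return (int)read_proxy_header(&s, buf, cap > sizeof buf ? sizeof buf : cap);
}

int main(void) {
    printf("%d\n", check_reply("HTTP/1.0 200 OK\r\n\r\n", 64));
    printf("%d\n", check_reply("HTTP/1.0 200 OK\r\n", 64));
    printf("%d\n", check_reply("HTTP/1.0 200 OK\r\n\r\n", 19));
    return 0;
}
```

The caller treats HDR_TOO_LONG and HDR_TRUNCATED as connection failures and never parses a partial header.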
References
This vulnerability was publicly reported by Stefan Esser of e-matters. This document was written by Damon Morda.
If you have feedback, comments, or additional information about this vulnerability, please send us email.