Gaim is a multi-protocol instant messenger available for a number of operating systems. It provides a feature that allows users to configure an HTTP proxy for connecting to the server. There is a buffer overflow vulnerability in the http_canread() function. When parsing data returned by the HTTP proxy server, the http_canread() function fails to perform proper adequate bounds checking on this data. Exploitation of this vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code.
An unauthenticated, remote attacker could execute arbitrary code with the privileges of the vulnerable process.
Upgrade to Gaim version 0.76 or later.
This vulnerability was publicly reported by Stefan Esser of e-matters.
This document was written by Damon Morda.
|Date First Published:||2004-05-06|
|Date Last Updated:||2004-05-06 19:47 UTC|