Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging protocols, including the Yahoo Messenger (YMSG) protocol. There is a buffer overflow vulnerability in the yahoo_packet_read() function. When parsing a YMSG packet, the yahoo_packet_read() function fails to perform adequate bounds checking on the keyname value. By sending a specially crafted YMSG packet containing a large keyname value to a vulnerable system, an unauthenticated, remote attacker could execute arbitrary code.
An unauthenticated, remote attacker could execute arbitrary code with the privileges of the vulnerable process.
Upgrade to Gaim version 0.76 or later.
This vulnerability was publicly reported by Stefan Esser of e-matters.
This document was written by Damon Morda.
|Date First Published:||2004-05-06|
|Date Last Updated:||2004-05-06 19:46 UTC|