ISS X-Force Database: gaim-extractinfo-bo(14946): Gaim Extract Info Field function stack overflow

Gaim Extract Info Field function stack overflow

gaim-extractinfo-bo (14946)

High Risk

Description:

Gaim is vulnerable to a stack overflow in the gaim_markup_extract_info_field function, which is used by the MSN and YMSG protocol handlers. This function combines data from two tokens into a fixed-length stack buffer without properly checking the size of the resulting string. A remote attacker can supply a specially-crafted set of data to overflow the stack and possibly execute arbitrary code on the system.

Platforms Affected:

Conectiva, Linux 8.0
Conectiva, Linux 9.0
Debian, Debian Linux 3.0
Gaim Project, Gaim 0.74 and prior
Gentoo, Linux
MandrakeSoft, Mandrake Linux 9.1
MandrakeSoft, Mandrake Linux 9.1 PPC
MandrakeSoft, Mandrake Linux 9.2
MandrakeSoft, Mandrake Linux 9.2 AMD64
RedHat, Enterprise Linux 3 WS
RedHat, Enterprise Linux 3 AS
RedHat, Enterprise Linux 3 ES
RedHat, Linux 9.0
Slackware, Slackware Linux 9.0
Slackware, Slackware Linux 9.1
Slackware, Slackware Linux current
SuSE, SuSE Linux 8.0
SuSE, SuSE Linux 8.1
SuSE, SuSE Linux 8.2
SuSE, SuSE Linux 9.0

Remedy:

Download and install the latest version of Gaim after version 0.75, as listed on the Sourceforge Gaim Web Site. See References.

For Slackware Linux:
Upgrade to the latest gaim package, as listed below. Refer to slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST) for more information. See References.

Slackware Linux 9.0: 0.75-i386-1 or later
Slackware Linux 9.1 and current: 0.75-i486-1 or later

For Red Hat Linux:
Upgrade to the latest gaim package, as listed below. Refer to RHSA-2004:032-04 for more information. See References.

Red Hat Linux 9: 0.75-0.9.0 or later

For Red Hat Linux:
Upgrade to the latest gaim package, as listed below. Refer to RHSA-2004:033-04 for more information. See References.

Red Hat Enterprise Linux AS (v. 3), ES (v. 3), and WS (v. 3): 0.75-3.2.0 or later

For Gentoo Linux:
Upgrade to the latest version of gaim (0.75-r7 or later), as listed in Gentoo Linux Security Announcement 200401-04. See References.

For Mandrake Linux:
Upgrade to the latest gaim package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:006-1 : gaim for more information. See References.

Mandrake Linux 9.1: 0.75-1.2.91mdk or later
Mandrake Linux 9.2: 0.75-1.2.92mdk or later

For SuSE Linux:
Upgrade to the latest gaim package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2004:004 for more information. See References.

SuSE Linux 9.0 (Intel): 0.67-65 or later
SuSE Linux 8.2: 0.59.8-60 or later
SuSE Linux 8.1: 0.59-158 or later
SuSE Linux 8.0: 0.50-187 or later

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest gaim package, as listed below. Refer to DSA-434-1 for more information. See References.

Debian GNU/Linux 3.0 (woody): 0.58-2.4 or later

For Conectiva Linux:
Upgrade to the latest gaim package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:813 for more information. See References.

Conectiva Linux 8: 0.59.8-1U80_1cl or later
Conectiva Linux 9: 0.75-27683U90_1cl or later

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

Conectiva Linux Security Announcement CLSA-2004:813, gaim at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000813.
Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST, Advisory 01/2004: 12 x Gaim remote overflows at http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html.
Gentoo Linux Security Announcement 200401-04, GAIM 0.75 Remote overflows at http://www.linuxsecurity.com/content/view/105690/104/. (From LinuxSecurity archive)
slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST), GAIM security update (SSA:2004-026-01) at http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158.
Sourceforge Gaim Web site, Downloads at http://gaim.sourceforge.net/downloads.php.
BID-9489: Gaim Multiple Remote Boundary Condition Error Vulnerabilities
CVE-2004-0007: Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
DSA-434: gaim -- several vulnerabilities
MDKSA-2004:006: Updated gaim packages fix multiple vulnerabilities
MDKSA-2004:006-1: Updated gaim packages fix multiple vulnerabilities
OSVDB ID: 3733: Gaim Extract Info Field Function Buffer Overflow
RHSA-2004-032: Updated Gaim packages fix various vulnerabiliies
RHSA-2004-033: gaim security update
SECTRACK ID: 1008850: Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code
US-CERT VU#197142: Gaim contains a buffer overflow vulnerability in the Extract Info Field function

Reported:

Jan 26, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page