Gaim HTTP proxy buffer overflow

gaim-http-proxy-bo (14947)

High Risk

Description:

Gaim is vulnerable to a buffer overflow in the HTTP proxy (http_canread function) subsystem. A remote attacker with a proxy server can send a specially-crafted input to overwrite the buffer and gain control of the instruction pointer.

Platforms Affected:

• Conectiva, Linux 8.0
• Conectiva, Linux 9.0
• Debian, Debian Linux 3.0
• Gaim Project, Gaim 0.75 and prior
• Gentoo, Linux
• MandrakeSoft, Mandrake Linux 9.1 PPC
• MandrakeSoft, Mandrake Linux 9.1
• MandrakeSoft, Mandrake Linux 9.2
• MandrakeSoft, Mandrake Linux 9.2 AMD64
• RedHat, Enterprise Linux 2.1 WS
• RedHat, Enterprise Linux 2.1 AS
• RedHat, Enterprise Linux 2.1 ES
• RedHat, Enterprise Linux 2.1 AW
• RedHat, Enterprise Linux 3 ES
• RedHat, Enterprise Linux 3 AS
• RedHat, Enterprise Linux 3 WS
• RedHat, Linux 9.0
• RedHat, Linux Advanced Workstation 2.1 Itanium
• Slackware, Slackware Linux 9.0
• Slackware, Slackware Linux 9.1
• Slackware, Slackware Linux current
• SuSE, SuSE Linux 8.0
• SuSE, SuSE Linux 8.1
• SuSE, SuSE Linux 8.2
• SuSE, SuSE Linux 9.0
• SuSE, SuSE Linux Desktop 1.0

Remedy:

Download and install the latest version of Gaim after version 0.75, as listed on the Sourceforge Gaim Web Site. See References.

For Slackware Linux:
Upgrade to the latest gaim package, as listed below. Refer to slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST) for more information. See References.

Slackware Linux 9.0: 0.75-i386-1 or later
Slackware Linux 9.1 and current: 0.75-i486-1 or later

For Red Hat Linux:
Upgrade to the latest gaim package, as listed below. Refer to RHSA-2004:032-04 for more information. See References.

Red Hat Linux 9: 0.75-0.9.0 or later

For Red Hat Linux:
Upgrade to the latest gaim package, as listed below. Refer to RHSA-2004:033-04 for more information. See References.

Red Hat Enterprise Linux AS (v. 3), ES (v. 3), and WS (v. 3): 0.75-3.2.0 or later

For Red Hat Linux containing the gaim package:
Upgrade to the latest gaim package, as listed below. Refer to RHSA-2004:045-04 for more information. See References.

Red Hat Enterprise Linux AS (v. 2.1), ES (v.2.1), WS (v.2.1), and Advanced Workstation for the Itanium Processor: 0.59.1-0.2.2 or later

For Gentoo Linux:
Upgrade to the latest version of gaim (0.75-r7 or later), as listed in Gentoo Linux Security Announcement 200401-04. See References.

For Mandrake Linux:
Upgrade to the latest gaim package, as listed below. Refer to MandrakeSoft Security Advisory MDKSA-2004:006-1 : gaim for more information. See References.

Mandrake Linux 9.1: 0.75-1.2.91mdk or later
Mandrake Linux 9.2: 0.75-1.2.92mdk or later

For SuSE Linux:
Upgrade to the latest gaim package, as listed below. Refer to SuSE Security Announcement SuSE-SA:2004:004 for more information. See References.

SuSE Linux 9.0 (Intel): 0.67-65 or later
SuSE Linux 8.2: 0.59.8-60 or later
SuSE Linux 8.1: 0.59-158 or later
SuSE Linux 8.0: 0.50-187 or later

For Debian GNU/Linux 3.0 (woody):
Upgrade to the latest gaim package, as listed below. Refer to DSA-434-1 for more information. See References.

Debian GNU/Linux 3.0 (woody): 0.58-2.4 or later

For Conectiva Linux:
Upgrade to the latest gaim package, as listed below. Refer to Conectiva Linux Security Announcement CLSA-2004:813 for more information. See References.

Conectiva Linux 8: 0.59.8-1U80_1cl or later
Conectiva Linux 9: 0.75-27683U90_1cl or later

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• Conectiva Linux Security Announcement CLSA-2004:813, gaim at http://distro.conectiva.com/atualizacoes/index.php?id=a&anuncio=000813.
• Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST, Advisory 01/2004: 12 x Gaim remote overflows at http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html.
• Gentoo Linux Security Announcement 200401-04, GAIM 0.75 Remote overflows at http://www.linuxsecurity.com/content/view/105690/104/. (From LinuxSecurity archive)
• slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST), GAIM security update (SSA:2004-026-01) at http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158.
• BID-9489: Gaim Multiple Remote Boundary Condition Error Vulnerabilities
• CVE-2004-0006: Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
• DSA-434: gaim -- several vulnerabilities
• MDKSA-2004:006: Updated gaim packages fix multiple vulnerabilities
• MDKSA-2004:006-1: Updated gaim packages fix multiple vulnerabilities
• OSVDB ID: 3731: Gaim URL Parser Function Overflow
• OSVDB ID: 3732: Gaim HTTP Proxy Connect Overflow
• RHSA-2004-032: Updated Gaim packages fix various vulnerabiliies
• RHSA-2004-033: gaim security update
• RHSA-2004-045: gaim security update
• SECTRACK ID: 1008850: Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code
• SUSE-SA:2004:004: gaim: remote system compromise
• US-CERT VU#297198: Gaim fails to properly validate the value parameter in the Yahoo login webpage
• US-CERT VU#371382: Gaim fails to properly validate the name parameter in the Yahoo login webpage
• US-CERT VU#444158: Gaim contains a buffer overflow vulnerability in the http_canread() function
• US-CERT VU#503030: Gaim fails to properly parse cookies in Yahoo web connections
• US-CERT VU#527142: Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function
• US-CERT VU#871838: Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function

Reported:

Jan 26, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page