Gadu-Gadu image filename buffer overflow
| gadugadu-image-name-bo (23149) |  Low Risk |
Description:
Gadu-Gadu is vulnerable to a buffer overflow. A remote attacker could send an image file with an image name length between 192 and 200 characters to cause a buffer overflow. A remote attacker could exploit this vulnerability to cause a denial of service.
*CVSS:
| Base Score: | 5 |
| Access Vector: | Remote |
| Access Complexity: | Low |
| Authentication: | Not Required |
| Confidentiality Impact: | None |
| Integrity Impact: | None |
| Availability Impact: | Complete |
| Temporal Score: | 3.7 |
| Exploitability: | Unproven |
| Remediation Level: | Official-Fix |
| Report Confidence: | Confirmed |
Consequences:
Denial of Service
Remedy:
Upgrade to the latest version of Gadu-Gadu (7 build 22 or later), available from the Gadu-Gadu Web site. See References.
References:
- Full-Disclosure Mailing List, Mon Nov 21 2005 - 03:26:01 CST: Gadu-Gadu several vulnerabilities (version <= 7.20.
- Gadu-Gadu Web site: Gadu - Gadu; polski komunikator internetowy.
- BID-15520: Gadu-Gadu Multiple Remote Vulnerabilities
- CVE-2005-3891: Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers to cause a denial of service (crash) via an image filename between exactly 192 to 200 characters, which does not account for the imgcache\ string that is added to the end of the buffer.
- CVE-2005-3892: Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone.
- OSVDB ID: 21016: Gadu-Gadu Image Name Length Overflow DoS
- OSVDB ID: 21020: Gadu-Gadu EasycallLite.oce Audio Device Monitoring
- SA17597: Gadu-Gadu Multiple Vulnerabilities and Weaknesses
Platforms Affected:
- sms-express.com Gadu-Gadu 7.20
Reported:
Nov 21, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
* According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall IBM be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.