FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Several remotely exploitable buffer overflows in gaim

Affected packages
gaim < 0.75_3
gaim = 0.75_5
gaim = 0.76
ja-gaim < 0.75_3
ja-gaim = 0.75_5
ja-gaim = 0.76
ko-gaim < 0.75_3
ko-gaim = 0.75_5
ko-gaim = 0.76
ru-gaim < 0.75_3
ru-gaim = 0.75_5
ru-gaim = 0.76
20030000 <= gaim

Details

VuXML ID 6fd02439-5d70-11d8-80e3-0020ed76ef5a
Discovery 2004-01-26
Entry 2004-02-12
Modified 2004-10-25

Stefan Esser of e-matters found almost a dozen remotely exploitable vulnerabilities in Gaim. From the e-matters advisory:

While developing a custom add-on, an integer overflow in the handling of AIM DirectIM packets was revealed that could lead to a remote compromise of the IM client. After disclosing this bug to the vendor, they had to make a hurried release because of a change in the Yahoo connection procedure that rendered GAIM useless. Unfortunately at the same time a closer look at the source code revealed 11 more vulnerabilities.

The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging many of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions are a fairly simple task.

In combination with the latest kernel vulnerabilities or the habit of users to work as root/administrator these bugs can result in remote root compromises.

References

CVE Name CVE-2004-0005
CVE Name CVE-2004-0006
CVE Name CVE-2004-0007
CVE Name CVE-2004-0008
URL http://security.e-matters.de/advisories/012004.txt