FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-0006

This CVE name corresponds to:

Entered: 2004-02-12
Topic: Several remotely exploitable buffer overflows in gaim

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2004-0006
Phase: Modified (20100819)

Description

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

References

Source Reference
BUGTRAQ 20040126 Advisory 01/2004: 12 x Gaim remote overflows
FULLDISC 20040126 Advisory 01/2004: 12 x Gaim remote overflows
MISC http://security.e-matters.de/advisories/012004.html
BUGTRAQ 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
CONFIRM http://ultramagnetic.sourceforge.net/advisories/001.html
REDHAT RHSA-2004:032
REDHAT RHSA-2004:033
REDHAT RHSA-2004:045
MANDRAKE MDKSA-2004:006
SGI 20040202-01-U
SUSE SuSE-SA:2004:004
DEBIAN DSA-434
CONECTIVA CLA-2004:813
SGI 20040201-01-U
SLACKWARE SSA:2004-026
GENTOO GLSA-200401-04
CERT-VN VU#297198
CERT-VN VU#371382
CERT-VN VU#444158
CERT-VN VU#503030
CERT-VN VU#527142
CERT-VN VU#871838
BID 9489
OSVDB 3731
OSVDB 3732
OVAL oval:org.mitre.oval:def:818
OVAL oval:org.mitre.oval:def:10222
SECTRACK 1008850
XF gaim-http-proxy-bo(14947)
XF gaim-login-name-bo(14940)
XF gaim-login-value-bo(14941)
XF gaim-urlparser-bo(14945)
XF gaim-yahoopacketread-keyname-bo(14943)
XF gaim-yahoowebpending-cookie-bo(14939)