FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-0966

This CVE name corresponds to:

Entered Topic
2005-04-10 gaim -- remote DoS on receiving certain messages over IRC

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-0966
Phase Assigned(20050404)

Description

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

References

Source Reference
BUGTRAQ 20050401 multiple remote denial of service vulnerabilities in Gaim
CONFIRM http://gaim.sourceforge.net/security/index.php?id=14
CONFIRM http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750
FEDORA FLSA:158543
MANDRAKE MDKSA-2005:071
REDHAT RHSA-2005:365
SUSE SUSE-SA:2005:036
BID 13003
OVAL oval:org.mitre.oval:def:9185
SECUNIA 14815
XF gaim-irc-plugin-bo(19937)
XF gaim-ircmsginvite-dos(19939)