CVE-2004-0891
CVSS 10.0
Published: 2005-01-27 00:00:00
Last revised: 2016-12-07 21:59:33

[Original] Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.


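[CNNVD] Gaim MSNSLP Buffer Overflow (CNNVD-200501-302)

        Gaim is an instant messaging client and the predecessor of Pidgin.
        Gaim versions 0.79 through 1.0.1 contain a buffer overflow vulnerability in the handling of MSNSLP messages.
        A remote attacker can use specially crafted, malformed MSNSLP messages to trigger the overflow, causing the program to crash or executing arbitrary code.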

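- CVSS (Base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)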

cpe:/o:ubuntu:ubuntu_linux:4.1::ppc
cpe:/o:slackware:slackware_linux:10.0    Slackware Linux 10.0
cpe:/o:slackware:slackware_linux:9.1    Slackware Linux 9.1
cpe:/a:rob_flynn:gaim:0.69
cpe:/a:rob_flynn:gaim:1.0.1
cpe:/o:gentoo:linux:1.4    Gentoo Linux 1.4
cpe:/a:rob_flynn:gaim:0.52
cpe:/a:rob_flynn:gaim:0.74
cpe:/o:slackware:slackware_linux:9.0    Slackware Linux 9.0
cpe:/a:rob_flynn:gaim:0.51
cpe:/a:rob_flynn:gaim:0.73
cpe:/a:rob_flynn:gaim:0.50
cpe:/a:rob_flynn:gaim:0.72
cpe:/a:rob_flynn:gaim:0.68
cpe:/a:rob_flynn:gaim:0.53
cpe:/a:rob_flynn:gaim:0.75
cpe:/a:rob_flynn:gaim:0.71
cpe:/a:rob_flynn:gaim:0.56
cpe:/a:rob_flynn:gaim:0.78
cpe:/a:rob_flynn:gaim:0.55
cpe:/a:rob_flynn:gaim:0.10
cpe:/a:rob_flynn:gaim:0.54
cpe:/o:slackware:slackware_linux:current
cpe:/a:rob_flynn:gaim:0.70
cpe:/a:rob_flynn:gaim:0.59
cpe:/a:rob_flynn:gaim:0.58
cpe:/o:gentoo:linux    Gentoo Linux
cpe:/a:rob_flynn:gaim:1.0
cpe:/a:rob_flynn:gaim:0.63
cpe:/a:rob_flynn:gaim:0.62
cpe:/a:rob_flynn:gaim:0.61
cpe:/a:rob_flynn:gaim:0.82.1
cpe:/a:rob_flynn:gaim:0.57
cpe:/a:rob_flynn:gaim:0.64
cpe:/a:rob_flynn:gaim:0.59.1
cpe:/a:rob_flynn:gaim:0.60
cpe:/a:rob_flynn:gaim:0.82
cpe:/a:rob_flynn:gaim:0.10.3
cpe:/a:rob_flynn:gaim:0.67
cpe:/a:rob_flynn:gaim:0.66
cpe:/a:rob_flynn:gaim:0.65
cpe:/o:ubuntu:ubuntu_linux:4.1::ia64

- OVAL (Technical details for detection)

oval:org.mitre.oval:def:11790    Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) ...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the relevant OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0891
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0891
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200501-302
(Official data source) CNNVD

- Other links and resources

http://gaim.sourceforge.net/security/?id=9
(VENDOR_ADVISORY)  CONFIRM  http://gaim.sourceforge.net/security/?id=9
http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
(UNKNOWN)  GENTOO  GLSA-200410-23
http://www.redhat.com/support/errata/RHSA-2004-604.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2004:604
http://xforce.iss.net/xforce/xfdb/17786
(VENDOR_ADVISORY)  XF  gaim-msn-slp-bo(17786)
http://xforce.iss.net/xforce/xfdb/17787
(UNKNOWN)  XF  gaim-msn-slp-dos(17787)
http://xforce.iss.net/xforce/xfdb/17790
(UNKNOWN)  XF  gaim-file-transfer-dos(17790)
https://bugzilla.fedora.us/show_bug.cgi?id=2188
(UNKNOWN)  FEDORA  FLSA:2188
https://www.ubuntu.com/usn/usn-8-1/
(UNKNOWN)  UBUNTU  USN-8-1

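- Vulnerability information

Gaim MSNSLP Buffer Overflow
Critical  Buffer overflow
2005-01-27 00:00:00 2005-10-20 00:00:00
Remote
        Gaim is an instant messaging client and the predecessor of Pidgin.
        Gaim versions 0.79 through 1.0.1 contain a buffer overflow vulnerability in the handling of MSNSLP messages.
        A remote attacker can use specially crafted, malformed MSNSLP messages to trigger the overflow, causing the program to crash or executing arbitrary code.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. The patch is available at:
        http://www.pidgin.im/download/

- Vulnerability information (F34862)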

Ubuntu Security Notice 8-1 (PacketStormID:F34862)
2004-10-28 00:00:00
Ubuntu  
advisory,remote,overflow,arbitrary,protocol
CVE-2004-0891

A buffer overflow and two remote crashes were recently discovered in gaim's MSN protocol handler. An attacker could potentially execute arbitrary code with the user's privileges by crafting and sending a particular MSN message.

===========================================================
Ubuntu Security Notice USN-8-1             October 27, 2004
gaim vulnerabilities
CAN-2004-0891
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.1. In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A buffer overflow and two remote crashes were recently discovered in
gaim's MSN protocol handler. An attacker could potentially execute
arbitrary code with the user's privileges by crafting and sending a
particular MSN message.

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.diff.gz
      Size/MD5:    40716 a1cd244a1d9197c9a4855706f857ede2
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1.dsc
      Size/MD5:      853 dbd5a82e0fa2c33df8fc26d636a2f9f1
    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0.orig.tar.gz
      Size/MD5:  6985979 7dde686aace751a49dce734fd0cb7ace

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_amd64.deb
      Size/MD5:  3443672 0a2a22b071c0256a2d68d20b474fdddc

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_i386.deb
      Size/MD5:  3353616 1b825ce8a2cbba5fa2171fa089f71112

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/g/gaim/gaim_1.0.0-1ubuntu1.1_powerpc.deb
      Size/MD5:  3417684 bae36e86bcf49722af6497d55a2de5fc
    

- Vulnerability information

10986
Gaim MSN SLP Message Handling Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-10-19 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Gaim MSN SLP Remote Buffer Overflow Vulnerability
Boundary Condition Error 11482
Yes No
2004-10-20 12:00:00 2009-07-12 08:06:00
The individual responsible for the discovery of this issue is currently unknown; the vendor disclosed this issue.

- Affected program versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux -current
Rob Flynn Gaim 1.0.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Rob Flynn Gaim 1.0
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Rob Flynn Gaim 0.82.1
Rob Flynn Gaim 0.82
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
Rob Flynn Gaim 0.78
Rob Flynn Gaim 0.75
Rob Flynn Gaim 0.74
Rob Flynn Gaim 0.73
Rob Flynn Gaim 0.72
Rob Flynn Gaim 0.71
+ Red Hat Fedora Core1
Rob Flynn Gaim 0.70
Rob Flynn Gaim 0.69
Rob Flynn Gaim 0.68
Rob Flynn Gaim 0.67
+ S.u.S.E. Linux Personal 9.0
Rob Flynn Gaim 0.66
Rob Flynn Gaim 0.65
Rob Flynn Gaim 0.64
Rob Flynn Gaim 0.63
Rob Flynn Gaim 0.62
Rob Flynn Gaim 0.61
Rob Flynn Gaim 0.60
Rob Flynn Gaim 0.59.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Rob Flynn Gaim 0.59
+ Gentoo Linux 0.7
+ Gentoo Linux 0.5
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 8.2
+ Sun Linux 5.0
Rob Flynn Gaim 0.58
+ Debian Linux 3.0
Rob Flynn Gaim 0.57
Rob Flynn Gaim 0.56
Rob Flynn Gaim 0.55
Rob Flynn Gaim 0.54
Rob Flynn Gaim 0.53
Rob Flynn Gaim 0.52
Rob Flynn Gaim 0.51
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
Rob Flynn Gaim 0.50
+ S.u.S.E. Linux 8.0
Rob Flynn Gaim 0.10.3
Rob Flynn Gaim 0.10 x
Gentoo Linux 1.4
Gentoo Linux
Rob Flynn Gaim 1.0.2
+ Gentoo Linux
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current

- Unaffected program versions

Rob Flynn Gaim 1.0.2
+ Gentoo Linux
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current

- Vulnerability discussion

Gaim is reportedly affected by a remote buffer overflow vulnerability in its MSN SLP message functionality. This issue is due to a failure of the application to verify buffer bounds when copying user-supplied input.

An attacker can leverage this issue to execute arbitrary code on an affected computer with the privileges of the user that executed the vulnerable application.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Ubuntu Linux has released an advisory (USN-8-1) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Red Hat has released advisory RHSA-2004:604-05 and fixes to address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Slackware Linux has released an advisory (SSA:2004-296-01) along with fixes dealing with this issue. Please see the referenced advisory for more information.

Gentoo Linux has released an advisory (GLSA 200410-23) dealing with this issue. Gentoo has advised that all Gaim users should upgrade to the latest version:

# emerge sync

# emerge -pv ">=net-im/gaim-1.0.2"
# emerge ">=net-im/gaim-1.0.2"

Please see the referenced Gentoo advisory for more information.

The vendor has released an update resolving this issue.

Mandrake Linux has released advisory MDKSA-2004:117 along with fixes dealing with this issue. Please see the advisory for more information.

The Fedora Legacy Project has made advisory FLSA:2188 available dealing with this issue in RedHat Linux 7.3, 9.0 and Fedora Core 1. Please see the reference section for more information.


- Related references

 

 
