CVE-2004-2304
CVSS 7.5
Published: 2004-12-31 00:00:00
Last modified: 2008-09-05 16:43:45

[Original] Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.


[CNNVD] Gaim multiple remote boundary condition error vulnerabilities (CNNVD-200412-943)

        
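Gaim is an instant messaging program that supports multiple protocols; Ultramagnetic is a fork of Gaim.
Gaim has boundary condition errors when handling several of these protocols. A remote attacker can exploit these vulnerabilities to carry out buffer overflow attacks, possibly gaining unauthorized access to the host system running the software.
An audit of the Gaim source code found 12 security issues, as follows:
Buffer overflows in the YMSG protocol (Yahoo Messenger) handler:
 01) Yahoo Octal-Encoding Decoder buffer overflow
 02) Yahoo Octal-Encoding Decoder out-of-bounds buffer overflow
 03) Yahoo Web Cookie parsing buffer overflow
 04) Yahoo login page name parsing buffer overflow
 05) Yahoo login page value parsing buffer overflow
 06) Yahoo packet parsing buffer overflow
Buffer overflows in the Oscar protocol (AIM) handler:
 07) AIM/Oscar DirectIM integer overflow
 08) Quoted-printable decoder overflow
 09) Quoted-printable decoder out-of-bounds overflow
 10) URL parsing function overflow
 11) Info field extraction function overflow
 12) HTTP proxy connect overflow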
        

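- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]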

- CPE (affected platforms and products)

cpe:/a:cerulean_studios:trillian:0.725
cpe:/a:cerulean_studios:trillian:0.71
cpe:/a:cerulean_studios:trillian:0.73
cpe:/a:cerulean_studios:trillian_pro:2.01
cpe:/a:cerulean_studios:trillian_pro:2.0
cpe:/a:cerulean_studios:trillian_pro:1.0
cpe:/a:cerulean_studios:trillian:0.74

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2304
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2304
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-943
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/15303
(PATCH)  XF  trillian-directim-bo(15303)
http://www.securityfocus.com/bid/9489
(PATCH)  BID  9489
http://security.e-matters.de/advisories/022004.html
(VENDOR_ADVISORY)  MISC  http://security.e-matters.de/advisories/022004.html
http://lists.seifried.org/pipermail/security/2004-February/001869.html
(VENDOR_ADVISORY)  FULLDISC  20040224 Advisory 02/2004: Trillian remote overflows
http://www.osvdb.org/4056
(UNKNOWN)  OSVDB  4056
http://securitytracker.com/id?1009220
(UNKNOWN)  SECTRACK  1009220
http://secunia.com/advisories/10973
(UNKNOWN)  SECUNIA  10973

- Vulnerability information

Gaim multiple remote boundary condition error vulnerabilities
High risk  Boundary condition error
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote

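- Advisories and patches

        Temporary workaround:
        If you cannot install the patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * A third-party patch can be downloaded from: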
        
        http://security.e-matters.de/patches/gaim-0.75-fix.diff

        Vendor patches:
        MandrakeSoft
        ------------
        MandrakeSoft has released a security advisory (MDKSA-2004:006-1) and corresponding patches:
        MDKSA-2004:006-1: Updated gaim packages fix multiple vulnerabilities
        Link:
        http://www.linux-mandrake.com/en/security/2004/2004-006.php

        Patch downloads:
        Updated Packages:
        Mandrake Linux 9.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/gaim-0.75-1.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/gaim-encrypt-0.75-1.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libgaim-remote0-0.75-1.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libgaim-remote0-devel-0.75-1.2.91mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/gaim-0.75-1.2.91mdk.src.rpm
        Mandrake Linux 9.1/PPC:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/gaim-0.75-1.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/gaim-encrypt-0.75-1.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libgaim-remote0-0.75-1.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libgaim-remote0-devel-0.75-1.2.91mdk.ppc.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/gaim-0.75-1.2.91mdk.src.rpm
        Mandrake Linux 9.2:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-0.75-1.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-encrypt-0.75-1.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-festival-0.75-1.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-perl-0.75-1.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libgaim-remote0-0.75-1.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libgaim-remote0-devel-0.75-1.2.92mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/gaim-0.75-1.2.92mdk.src.rpm
        Mandrake Linux 9.2/AMD64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/gaim-0.75-1.2.92mdk.amd64.rpm
        The updated packages above can also be downloaded from any of the mirror FTP servers listed at:
        
        http://www.mandrakesecure.net/en/ftp.php

        RedHat
        ------
        RedHat has released a security advisory (RHSA-2004:032-01) and corresponding patches:
        RHSA-2004:032-01: Updated Gaim packages fix various vulnerabilities
        Link: https://www.redhat.com/support/errata/RHSA-2004-032.html
        Patch downloads:
        Red Hat Linux 9:
        SRPMS:
        ftp://updates.redhat.com/9/en/os/SRPMS/gaim-0.75-0.9.0.src.rpm
        i386:
        ftp://updates.redhat.com/9/en/os/i386/gaim-0.75-0.9.0.i386.rpm
        The patch can be installed with the following command:
        rpm -Fvh [filename]

        S.u.S.E.
        --------
        S.u.S.E. has released a security advisory (SuSE-SA:2004:004) and corresponding patches:
        SuSE-SA:2004:004: gaim
        Link:
        Patch downloads:
         Intel i386 Platform:
         SuSE-9.0:
         ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gaim-0.67-65.i586.rpm
         09f8d12dd52e246cf32dca8ad3374f39
         patch rpm(s):
         ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gaim-0.67-65.i586.patch.rpm
         3a633e341b9e56facdbe0250b55dd33a
         source rpm(s):
         ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/gaim-0.67-65.src.rpm
         5ee6a86077c0297a64815532782f7a54
         SuSE-8.2:
         ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gaim-0.59.8-60.i586.rpm
         7a269744304f72bf951c7bd6974560f2
         patch rpm(s):
         ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gaim-0.59.8-60.i586.patch.rpm
         e7b18f0da02c1c4392dc1b03e835a827
         source rpm(s):
         ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/gaim-0.59.8-60.src.rpm
         ae7d7b1c9735696244547a0d6a5ee92e
         SuSE-8.1:
         ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/gaim-0.59-158.i586.rpm
         22b1d4b

- Vulnerability information

4056
Trillian DirectIM Packet Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

A remote overflow exists in Cerulean Studios' Trillian and Trillian Pro. The AOL Instant Messenger DirectIM parser fails to properly allocate a parsing buffer resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

- Timeline

2004-02-24 2004-02-18
Unknown Unknown

- Solution

Upgrade to Trillian version 0.74G or Trillian Pro version 2.011 or higher, as it has been reported to fix this vulnerability. Patches are also available. An upgrade is required as there are no known workarounds.
