Saturday, October 23, 2004

Gaim Multiple Vulnerabilities

Many of us use Gaim as our IM GUI. Gaim, which I admit is very good, has had a few vulnerabilities disclosed by its vendor, as below:

The following specific issues have been disclosed by the vendor:

Gaim is reported prone to a remote arbitrary command execution vulnerability during the installation of a smiley theme.

The Gaim client is reported prone to a remote heap overflow vulnerability when processing data from a groupware server.

A remote buffer overflow vulnerability exists in the URI parsing utility.

A buffer overflow vulnerability arises when the application performs a DNS query to obtain a hostname when signing on to zephyr.

Another buffer overflow presents itself when the application processes Rich Text Format (RTF) messages.

A malicious server can trigger a buffer overflow vulnerability in Gaim by supplying an excessive value for the 'content-length' header.

These issues affect Gaim versions prior to 0.82. Some of these issues may have been reported previously. This BID will be updated and divided into individual BIDs as more information becomes available.

You can read more on it here
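As an added example (not Gaim's code, and not taken from the advisory), this is one way a client can validate a server-supplied 'content-length' value before it sizes or fills a buffer. The function names and the 1 MiB cap `MAX_BODY_LEN` are assumptions made for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limit for this example; not a value taken from Gaim. */
#define MAX_BODY_LEN (1024UL * 1024UL)

/* Parse a server-supplied Content-Length value.
 * Returns 0 and stores the length in *out, or -1 if the value is rejected. */
int parse_content_length(const char *value, size_t *out)
{
    char *end;
    unsigned long n;

    if (value == NULL || out == NULL)
        return -1;
    while (*value == ' ' || *value == '\t')
        value++;
    /* strtoul() accepts "-1" and wraps it to a huge value: require a digit. */
    if (!isdigit((unsigned char)*value))
        return -1;
    errno = 0;
    n = strtoul(value, &end, 10);
    if (errno == ERANGE)
        return -1;                      /* does not fit in unsigned long */
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n')
        end++;
    if (*end != '\0' || n > MAX_BODY_LEN)
        return -1;                      /* trailing junk or over the cap */
    *out = (size_t)n;
    return 0;
}

/* Copy a body into a new NUL-terminated buffer. `avail` is the number of
 * bytes actually received; the header is never trusted beyond that. */
char *copy_body(const char *hdr_value, const char *data, size_t avail)
{
    size_t len;
    char *buf;

    if (parse_content_length(hdr_value, &len) != 0 || len > avail)
        return NULL;
    buf = malloc(len + 1);              /* len <= MAX_BODY_LEN: no wrap */
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, len);
    buf[len] = '\0';
    return buf;
}
```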

