Info

Last Modified

11 months ago

Percent Complete

25%

Disclosure

Jan 27, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

This Entry needs help! It is only 25% Complete. Click the edit link above to add more information.

Contributing is fast and easy, and benefits the entire security community.

Description

(Description Provided by CVE) : Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

Classification

Attack Type: Input Manipulation

Solution

Upgrade to version 0.76 when available. The FreeBSD security team has released an unoffcial patch which also corrects this vulnerability.

Products

Unknown or Incomplete

References

Other Solution URL: http://security.e-matters.de/patches/gaim-0.75-fix.diff
Secunia Advisory ID: 10705
CVE ID: 2004-0006 (see also: NVD)
Other Advisory URL: http://security.e-matters.de/advisories/012004.html
Vendor Specific Advisory URL: http://sourceforge.net/tracker/index.php?func=detail&aid=885370&group_id=235&atid ......

Tools & Filters

Nessus	12455 12459 14106 15271

Credit

Unknown or Incomplete

Blogs

Provided by Technorati

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

DONATE NOW!

User Status

Account
- Login
- Sign-Up

Quick Searches