CVE Reference: CVE-2004-0005
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2004-0005

Description:
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.

CVE Status:
Candidate

References:

XF
  http://xforce.iss.net/xforce/xfdb/14942
  http://xforce.iss.net/xforce/xfdb/14944
  http://xforce.iss.net/xforce/xfdb/14935
  http://xforce.iss.net/xforce/xfdb/14938

SUSE
  http://www.novell.com/linux/security/advisories/2004_04_gaim.html

ST
  1008850

SLACKWARE
  http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158

OSVDB
  3736

MISC
  http://security.e-matters.de/advisories/012004.html

GENTOO
  http://www.linuxsecurity.com/content/view/105690/104/

FULLDISC
  http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html

DEBIAN
  http://www.debian.org/security/2004/dsa-434

CONECTIVA
  http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813

CERT-VN
  404470
  226974
  190366
  655974

BUGTRAQ
  http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2

