Full Disclosure mailing list archives
RE: [ GLSA 200401-04 ] GAIM 0.75 Remote overflo ws
From: James Lay <jlay () ameriben com>
Date: Tue, 27 Jan 2004 13:55:39 -0700
Anyone seen any source code on this? I've hit the site a few times and seen nothing so far :( James -----Original Message----- From: Tim Yamin [mailto:plasmaroo () gentoo org] Sent: Tuesday, January 27, 2004 12:30 PM To: bugtraq () securityfocus com; full-disclosure () lists netsys com; security-alerts () linuxsecurity com; gentoo-core () gentoo org; gentoo-announce () gentoo org Subject: [Full-disclosure] [ GLSA 200401-04 ] GAIM 0.75 Remote overflows -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200401-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ~ http://security.gentoo.org - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ~ Severity: Normal ~ Title: GAIM 0.75 Remote overflows ~ Date: January 27, 2004 ~ Bugs: #39470 ~ ID: 200401-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Various overflows in the handling of AIM DirectIM packets was revealed in GAIM that could lead to a remote compromise of the IM client. Background ========== Gaim is a multi-platform and multi-protocol instant messaging client. It is compatible with AIM , ICQ, MSN Messenger, Yahoo, IRC, Jabber, Gadu-Gadu, and the Zephyr networks. Description =========== Yahoo changed the authentication methods to their IM servers, rendering GAIM useless. The GAIM team released a rushed release solving this issue, however, at the same time a code audit revealed 12 vulnerabilities [ 1 ]. Impact ====== Due to the nature of instant messaging many of these bugs require man-in-the-middle attacks between the client and the server. But the underlying protocols are easy to implement and attacking ordinary TCP sessions is a fairly simple task. As a result, all users are advised to upgrade their GAIM installation. [ * ] Users of GAIM 0.74 or below are affected by 7 of the ~ vulnerabilities and are encouraged to upgrade. [ * ] Users of GAIM 0.75 are affected by 11 of the vulnerabilities ~ and are encouraged to upgrade to the patched version of GAIM ~ offered by Gentoo. [ * ] Users of GAIM 0.75-r6 are only affected by 4 of the ~ vulnerabilities, but are still urged to upgrade to maintain ~ security. Workaround ========== There is no immediate workaround; a software upgrade is required. Resolution ========== All users are recommended to upgrade GAIM to 0.75-r7. ~ $> emerge sync ~ $> emerge -pv ">=net-im/gaim-0.75-r7" ~ $> emerge ">=net-im/gaim-0.75-r7" References ========== ~ [ 1 ] : http://www.securityfocus.com/archive/1/351235 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAFrwkMMXbAy2b2EIRAgXNAKDv5xVitt263W3Zuhbr0XbYFFn60ACdGdKO 7ltFFxnxeXHJbOmb3BkQLOM= =shTi -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: [ GLSA 200401-04 ] GAIM 0.75 Remote overflo ws James Lay (Jan 27)