CVE-2004-0007

Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.debian.org/security/2004/dsa-434	Patch Vendor Advisory
http://security.e-matters.de/advisories/012004.html	Patch Vendor Advisory
http://ultramagnetic.sourceforge.net/advisories/001.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-033.html	Patch Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2004-032.html
http://security.gentoo.org/glsa/glsa-200401-04.xml
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
http://www.securityfocus.com/advisories/6281
http://www.securityfocus.com/bid/9489
http://www.kb.cert.org/vuls/id/197142	US Government Resource
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
http://www.osvdb.org/3733
http://www.securitytracker.com/id?1008850
http://marc.info/?l=bugtraq&m=107522432613022&w=2
http://marc.info/?l=bugtraq&m=107513690306318&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/14946
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9906
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A819

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rob_flynn:gaim::::::::
	cpe:2.3:a:ultramagnetic:ultramagnetic::::::::

Information

Published : 2004-03-02 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2004-0007

Mitre link : CVE-2004-0007

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

rob_flynn

gaim

ultramagnetic

ultramagnetic

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.debian.org/security/2004/dsa-434", "name": "DSA-434", "tags": ["Patch", "Vendor Advisory"], "refsource": "DEBIAN"}, {"url": "http://security.e-matters.de/advisories/012004.html", "name": "http://security.e-matters.de/advisories/012004.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://ultramagnetic.sourceforge.net/advisories/001.html", "name": "http://ultramagnetic.sourceforge.net/advisories/001.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-033.html", "name": "RHSA-2004:033", "tags": ["Patch", "Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2004-032.html", "name": "RHSA-2004:032", "tags": [], "refsource": "REDHAT"}, {"url": "http://security.gentoo.org/glsa/glsa-200401-04.xml", "name": "GLSA-200401-04", "tags": [], "refsource": "GENTOO"}, {"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html", "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", "tags": [], "refsource": "FULLDISC"}, {"url": "http://www.securityfocus.com/advisories/6281", "name": "SuSE-SA:2004:004", "tags": [], "refsource": "SUSE"}, {"url": "http://www.securityfocus.com/bid/9489", "name": "9489", "tags": [], "refsource": "BID"}, {"url": "http://www.kb.cert.org/vuls/id/197142", "name": "VU#197142", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813", "name": "CLA-2004:813", "tags": [], "refsource": "CONECTIVA"}, {"url": "http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158", "name": "SSA:2004-026", "tags": [], "refsource": "SLACKWARE"}, {"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006", "name": "MDKSA-2004:006", "tags": [], "refsource": "MANDRAKE"}, {"url": "http://www.osvdb.org/3733", "name": "3733", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.securitytracker.com/id?1008850", "name": "1008850", "tags": [], "refsource": "SECTRACK"}, {"url": "http://marc.info/?l=bugtraq&m=107522432613022&w=2", "name": "20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=107513690306318&w=2", "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14946", "name": "gaim-extractinfo-bo(14946)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9906", "name": "oval:org.mitre.oval:def:9906", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A819", "name": "oval:org.mitre.oval:def:819", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0007", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-03-03T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.74"}, {"cpe23Uri": "cpe:2.3:a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "0.81"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}