CVE-2004-0891

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2004-604.html	Vendor Advisory
http://gaim.sourceforge.net/security/?id=9	Vendor Advisory
https://bugzilla.fedora.us/show_bug.cgi?id=2188
http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
https://www.ubuntu.com/usn/usn-8-1/
https://exchange.xforce.ibmcloud.com/vulnerabilities/17790
https://exchange.xforce.ibmcloud.com/vulnerabilities/17787
https://exchange.xforce.ibmcloud.com/vulnerabilities/17786
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:rob_flynn:gaim:0.10:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.55:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.56:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.62:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.63:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.64:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.71:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.72:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.0:::::::*
	cpe:2.3:a:rob_flynn:gaim:1.0.1:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.53:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.10.3:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.61:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.82.1:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.73:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.60:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.69:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.52:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.65:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.59:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.74:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.51:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.54:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.82:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.68:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.67:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.59.1:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.70:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.50:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.66:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.58:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.75:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.57:::::::*
	cpe:2.3:a:rob_flynn:gaim:0.78:::::::*

Configuration 2 (hide)

OR	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ia64:::::
	cpe:2.3:o:ubuntu:ubuntu_linux:4.1::ppc:::::
	cpe:2.3:o:slackware:slackware_linux:9.0:::::::*
	cpe:2.3:o:slackware:slackware_linux:9.1:::::::*
	cpe:2.3:o:slackware:slackware_linux:current:::::::*
	cpe:2.3:o:gentoo:linux::::::::
	cpe:2.3:o:gentoo:linux:1.4:::::::*
	cpe:2.3:o:slackware:slackware_linux:10.0:::::::*

Information

Published : 2005-01-26 21:00

Updated : 2017-10-10 18:29

NVD link : CVE-2004-0891

Mitre link : CVE-2004-0891

JSON object : View

CWE

NVD-CWE-Other

Products Affected

rob_flynn

gaim

gentoo

linux

ubuntu

ubuntu_linux

slackware

slackware_linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2004-604.html", "name": "RHSA-2004:604", "tags": ["Vendor Advisory"], "refsource": "REDHAT"}, {"url": "http://gaim.sourceforge.net/security/?id=9", "name": "http://gaim.sourceforge.net/security/?id=9", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.fedora.us/show_bug.cgi?id=2188", "name": "FLSA:2188", "tags": [], "refsource": "FEDORA"}, {"url": "http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml", "name": "GLSA-200410-23", "tags": [], "refsource": "GENTOO"}, {"url": "https://www.ubuntu.com/usn/usn-8-1/", "name": "USN-8-1", "tags": [], "refsource": "UBUNTU"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17790", "name": "gaim-file-transfer-dos(17790)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17787", "name": "gaim-msn-slp-dos(17787)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17786", "name": "gaim-msn-slp-bo(17786)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790", "name": "oval:org.mitre.oval:def:11790", "tags": [], "refsource": "OVAL"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an \"unexpected sequence of MSNSLP messages\" that results in an unbounded copy operation that writes to the wrong buffer."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0891", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-01-27T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.62:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.64:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.71:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:1.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.82.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.60:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.69:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.65:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.74:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.82:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.68:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.67:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.59.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.70:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.66:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:0.78:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:current:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:gentoo:linux:1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-10-11T01:29Z"}

10.0 /10