FreeBSD : Several remotely exploitable buffer overflows in gaim (6fd02439-5d70-11d8-80e3-0020ed76ef5a)

high Nessus Plugin ID 37025

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Stefan Esser of e-matters found almost a dozen remotely exploitable vulnerabilities in Gaim. From the e-matters advisory :

While developing a custom add-on, an integer overflow in the handling of AIM DirectIM packets was revealed that could lead to a remote compromise of the IM client. After disclosing this bug to the vendor, they had to make a hurried release because of a change in the Yahoo connection procedure that rendered GAIM useless. Unfourtunately at the same time a closer look onto the sourcecode revealed 11 more vulnerabilities.

The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging many of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions is a fairly simple task.

In combination with the latest kernel vulnerabilities or the habit of users to work as root/administrator these bugs can result in remote root compromises.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?fdb6dd3c

http://www.nessus.org/u?91332096

Plugin Details

Severity: High

ID: 37025

File Name: freebsd_pkg_6fd024395d7011d880e30020ed76ef5a.nasl

Version: 1.13

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gaim, p-cpe:/a:freebsd:freebsd:ja-gaim, p-cpe:/a:freebsd:freebsd:ko-gaim, p-cpe:/a:freebsd:freebsd:ru-gaim, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/12/2004

Vulnerability Publication Date: 1/26/2004

Reference Information

CVE: CVE-2004-0005, CVE-2004-0006, CVE-2004-0007, CVE-2004-0008