CVE-2004-0500

Current Description

Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.

Basic Data

PublishedSeptember 28, 2004
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactPARTIAL
CVSS 2 - Availability ImpactPARTIAL
CVSS 2 - Base Score7.5
SeverityHIGH
Exploitability Score10.0
Impact Score6.4
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegetrue

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRob FlynnGaim0.10*******
    2.3ApplicationRob FlynnGaim0.10.3*******
    2.3ApplicationRob FlynnGaim0.50*******
    2.3ApplicationRob FlynnGaim0.51*******
    2.3ApplicationRob FlynnGaim0.52*******
    2.3ApplicationRob FlynnGaim0.53*******
    2.3ApplicationRob FlynnGaim0.54*******
    2.3ApplicationRob FlynnGaim0.55*******
    2.3ApplicationRob FlynnGaim0.56*******
    2.3ApplicationRob FlynnGaim0.57*******
    2.3ApplicationRob FlynnGaim0.58*******
    2.3ApplicationRob FlynnGaim0.59*******
    2.3ApplicationRob FlynnGaim0.59.1*******
    2.3ApplicationRob FlynnGaim0.60*******
    2.3ApplicationRob FlynnGaim0.61*******
    2.3ApplicationRob FlynnGaim0.62*******
    2.3ApplicationRob FlynnGaim0.63*******
    2.3ApplicationRob FlynnGaim0.64*******
    2.3ApplicationRob FlynnGaim0.65*******
    2.3ApplicationRob FlynnGaim0.66*******
    2.3ApplicationRob FlynnGaim0.67*******
    2.3ApplicationRob FlynnGaim0.68*******
    2.3ApplicationRob FlynnGaim0.69*******
    2.3ApplicationRob FlynnGaim0.70*******
    2.3ApplicationRob FlynnGaim0.71*******
    2.3ApplicationRob FlynnGaim0.72*******
    2.3ApplicationRob FlynnGaim0.73*******
    2.3ApplicationRob FlynnGaim0.74*******
    2.3ApplicationRob FlynnGaim0.75*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSGentooLinux1.4*******
    2.3OSMandrakesoftMandrake Linux9.2*******
    2.3OSMandrakesoftMandrake Linux9.2*amd64*****
    2.3OSMandrakesoftMandrake Linux10.0*******
    2.3OSMandrakesoftMandrake Linux10.0*amd64*****

Vulnerable Software List

VendorProductVersions
Rob Flynn Gaim 0.10, 0.10.3, 0.50, 0.51, 0.52, 0.53, 0.54, 0.55, 0.56, 0.57, 0.58, 0.59, 0.59.1, 0.60, 0.61, 0.62, 0.63, 0.64, 0.65, 0.66, 0.67, 0.68, 0.69, 0.70, 0.71, 0.72, 0.73, 0.74, 0.75
Mandrakesoft Mandrake Linux 10.0, 9.2
Gentoo Linux 1.4

References

NameSourceURLTags
http://gaim.sourceforge.net/security/?id=0http://gaim.sourceforge.net/security/?id=0CONFIRM
FEDORA-2004-278http://www.fedoranews.org/updates/FEDORA-2004-278.shtmlFEDORA
FEDORA-2004-279http://www.fedoranews.org/updates/FEDORA-2004-279.shtmlFEDORA
GLSA-200408-12http://www.gentoo.org/security/en/glsa/glsa-200408-12.xmlGENTOOPATCH Vendor Advisory
GLSA-200408-27http://www.gentoo.org/security/en/glsa/glsa-200408-27.xmlGENTOO
MDKSA-2004:081http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:081MANDRAKE
SUSE-SA:2004:025http://www.novell.com/linux/security/advisories/2004_25_gaim.htmlSUSE
RHSA-2004:400http://www.redhat.com/support/errata/RHSA-2004-400.htmlREDHAT
10865http://www.securityfocus.com/bid/10865BIDPATCH Vendor Advisory
gaim-msn-bo(16920)https://exchange.xforce.ibmcloud.com/vulnerabilities/16920XF
oval:org.mitre.oval:def:9429https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9429OVAL