CVE-2004-0891

Current Description

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

Basic Data

PublishedJanuary 27, 2005
Last ModifiedOctober 11, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeNVD-CWE-Other
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactCOMPLETE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score10.0
SeverityHIGH
Exploitability Score10.0
Impact Score10.0
Obtain All Privilegetrue
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationRob FlynnGaim0.10*******
    2.3ApplicationRob FlynnGaim0.10.3*******
    2.3ApplicationRob FlynnGaim0.50*******
    2.3ApplicationRob FlynnGaim0.51*******
    2.3ApplicationRob FlynnGaim0.52*******
    2.3ApplicationRob FlynnGaim0.53*******
    2.3ApplicationRob FlynnGaim0.54*******
    2.3ApplicationRob FlynnGaim0.55*******
    2.3ApplicationRob FlynnGaim0.56*******
    2.3ApplicationRob FlynnGaim0.57*******
    2.3ApplicationRob FlynnGaim0.58*******
    2.3ApplicationRob FlynnGaim0.59*******
    2.3ApplicationRob FlynnGaim0.59.1*******
    2.3ApplicationRob FlynnGaim0.60*******
    2.3ApplicationRob FlynnGaim0.61*******
    2.3ApplicationRob FlynnGaim0.62*******
    2.3ApplicationRob FlynnGaim0.63*******
    2.3ApplicationRob FlynnGaim0.64*******
    2.3ApplicationRob FlynnGaim0.65*******
    2.3ApplicationRob FlynnGaim0.66*******
    2.3ApplicationRob FlynnGaim0.67*******
    2.3ApplicationRob FlynnGaim0.68*******
    2.3ApplicationRob FlynnGaim0.69*******
    2.3ApplicationRob FlynnGaim0.70*******
    2.3ApplicationRob FlynnGaim0.71*******
    2.3ApplicationRob FlynnGaim0.72*******
    2.3ApplicationRob FlynnGaim0.73*******
    2.3ApplicationRob FlynnGaim0.74*******
    2.3ApplicationRob FlynnGaim0.75*******
    2.3ApplicationRob FlynnGaim0.78*******
    2.3ApplicationRob FlynnGaim0.82*******
    2.3ApplicationRob FlynnGaim0.82.1*******
    2.3ApplicationRob FlynnGaim1.0*******
    2.3ApplicationRob FlynnGaim1.0.1*******
  • OR - Configuration 2
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3OSGentooLinux********
    2.3OSGentooLinux1.4*******
    2.3OSSlackwareSlackware Linux9.0*******
    2.3OSSlackwareSlackware Linux9.1*******
    2.3OSSlackwareSlackware Linux10.0*******
    2.3OSSlackwareSlackware Linuxcurrent*******
    2.3OSUbuntuUbuntu Linux4.1*ia64*****
    2.3OSUbuntuUbuntu Linux4.1*ppc*****

Vulnerable Software List

VendorProductVersions
Slackware Slackware Linux 10.0, 9.0, 9.1, current
Rob Flynn Gaim 0.10, 0.10.3, 0.50, 0.51, 0.52, 0.53, 0.54, 0.55, 0.56, 0.57, 0.58, 0.59, 0.59.1, 0.60, 0.61, 0.62, 0.63, 0.64, 0.65, 0.66, 0.67, 0.68, 0.69, 0.70, 0.71, 0.72, 0.73, 0.74, 0.75, 0.78, 0.82, 0.82.1, 1.0, 1.0.1
Ubuntu Ubuntu Linux 4.1
Gentoo Linux *, 1.4

References

NameSourceURLTags
http://gaim.sourceforge.net/security/?id=9http://gaim.sourceforge.net/security/?id=9CONFIRMVendor Advisory
GLSA-200410-23http://www.gentoo.org/security/en/glsa/glsa-200410-23.xmlGENTOO
RHSA-2004:604http://www.redhat.com/support/errata/RHSA-2004-604.htmlREDHATVendor Advisory
FLSA:2188https://bugzilla.fedora.us/show_bug.cgi?id=2188FEDORA
gaim-msn-slp-bo(17786)https://exchange.xforce.ibmcloud.com/vulnerabilities/17786XF
gaim-msn-slp-dos(17787)https://exchange.xforce.ibmcloud.com/vulnerabilities/17787XF
gaim-file-transfer-dos(17790)https://exchange.xforce.ibmcloud.com/vulnerabilities/17790XF
oval:org.mitre.oval:def:11790https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790OVAL
USN-8-1https://www.ubuntu.com/usn/usn-8-1/UBUNTU