ID CVE-2004-0007
Summary Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:rob_flynn:gaim:*:*:*:*:*:*:*:*
    cpe:2.3:a:rob_flynn:gaim:*:*:*:*:*:*:*:*
  • cpe:2.3:a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:*
    cpe:2.3:a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
  • accepted 2007-04-25T19:52:55.739-04:00
    class vulnerability
    contributors
    • name Jay Beale
      organization Bastille Linux
    • name Thomas R. Jones
      organization Maitreya Security
    description Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
    family unix
    id oval:org.mitre.oval:def:819
    status accepted
    submitted 2004-03-20T12:00:00.000-04:00
    title Gaim / Ultramagnetic Extract Info Field Function BO
    version 38
  • accepted 2013-04-29T04:23:14.171-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    description Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
    family unix
    id oval:org.mitre.oval:def:9906
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
    version 29
redhat via4
advisories
  • rhsa
    id RHSA-2004:032
  • rhsa
    id RHSA-2004:033
refmap via4
bid 9489
bugtraq
  • 20040126 Advisory 01/2004: 12 x Gaim remote overflows
  • 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
cert-vn VU#197142
conectiva CLA-2004:813
confirm http://ultramagnetic.sourceforge.net/advisories/001.html
debian DSA-434
fulldisc 20040126 Advisory 01/2004: 12 x Gaim remote overflows
gentoo GLSA-200401-04
mandrake MDKSA-2004:006
misc http://security.e-matters.de/advisories/012004.html
osvdb 3733
sectrack 1008850
slackware SSA:2004-026
suse SuSE-SA:2004:004
xf gaim-extractinfo-bo(14946)
Last major update 11-10-2017 - 01:29
Published 03-03-2004 - 05:00
Last modified 11-10-2017 - 01:29
Back to Top