CVE - CVE-2004-0006

CVE-ID
CVE-2004-0006	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:9489 URL:http://www.securityfocus.com/bid/9489 BUGTRAQ:20040126 Advisory 01/2004: 12 x Gaim remote overflows URL:http://marc.info/?l=bugtraq&m=107513690306318&w=2 BUGTRAQ:20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code URL:http://marc.info/?l=bugtraq&m=107522432613022&w=2 CERT-VN:VU#297198 URL:http://www.kb.cert.org/vuls/id/297198 CERT-VN:VU#371382 URL:http://www.kb.cert.org/vuls/id/371382 CERT-VN:VU#444158 URL:http://www.kb.cert.org/vuls/id/444158 CERT-VN:VU#503030 URL:http://www.kb.cert.org/vuls/id/503030 CERT-VN:VU#527142 URL:http://www.kb.cert.org/vuls/id/527142 CERT-VN:VU#871838 URL:http://www.kb.cert.org/vuls/id/871838 CONECTIVA:CLA-2004:813 URL:~~http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813~~ (Obsolete source - check if archived by the Wayback Machine) CONFIRM:http://ultramagnetic.sourceforge.net/advisories/001.html DEBIAN:DSA-434 URL:http://www.debian.org/security/2004/dsa-434 FULLDISC:20040126 Advisory 01/2004: 12 x Gaim remote overflows URL:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html GENTOO:GLSA-200401-04 URL:http://security.gentoo.org/glsa/glsa-200401-04.xml MANDRAKE:MDKSA-2004:006 URL:~~http://www.mandriva.com/security/advisories?name=MDKSA-2004:006~~ (Obsolete source) MISC:http://security.e-matters.de/advisories/012004.html OSVDB:3731 URL:~~http://www.osvdb.org/3731~~ (Obsolete source) OSVDB:3732 URL:~~http://www.osvdb.org/3732~~ (Obsolete source) OVAL:oval:org.mitre.oval:def:10222 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222 OVAL:oval:org.mitre.oval:def:818 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818 REDHAT:RHSA-2004:032 URL:http://www.redhat.com/support/errata/RHSA-2004-032.html REDHAT:RHSA-2004:033 URL:http://www.redhat.com/support/errata/RHSA-2004-033.html REDHAT:RHSA-2004:045 URL:http://www.redhat.com/support/errata/RHSA-2004-045.html SECTRACK:1008850 URL:http://www.securitytracker.com/id?1008850 SGI:20040201-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI:20040202-01-U URL:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc SLACKWARE:SSA:2004-026 URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158 SUSE:SuSE-SA:2004:004 URL:http://www.novell.com/linux/security/advisories/2004_04_gaim.html XF:gaim-http-proxy-bo(14947) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14947 XF:gaim-login-name-bo(14940) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14940 XF:gaim-login-value-bo(14941) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14941 XF:gaim-urlparser-bo(14945) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14945 XF:gaim-yahoopacketread-keyname-bo(14943) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14943 XF:gaim-yahoowebpending-cookie-bo(14939) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14939
Assigning CNA
MITRE Corporation
Date Record Created
20040105	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Modified (20100819)
Votes (Legacy)
ACCEPT(5) Armstrong, Baker, Cole, Cox, Green NOOP(2) Christey, Wall
Comments (Legacy)
Cox> Although the 0.59.1 version of Gaim shipped by Red Hat contained these flaws, Yahoo connections were not functional and therefore the majority of the issues could not be exploited, leading to the abstraction comment above. Christey> CERT-VN:VU#871838 URL:http://www.kb.cert.org/vuls/id/871838 CERT-VN:VU#444158 URL:http://www.kb.cert.org/vuls/id/444158 CERT-VN:VU#503030 URL:http://www.kb.cert.org/vuls/id/503030 CERT-VN:VU#371382 URL:http://www.kb.cert.org/vuls/id/371382 CERT-VN:VU#297198 URL:http://www.kb.cert.org/vuls/id/297198 CERT-VN:VU#527142 URL:http://www.kb.cert.org/vuls/id/527142 Christey> Normalize Gentoo reference
Proposed (Legacy)
20040318
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)