FreeBSD : gaim -- MSN denial-of-service vulnerabilities (f2d6a5e1-26b9-11d9-9289-000c41e2cdad)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Gaim team discovered denial-of-service vulnerabilities in the MSN
protocol handler :

After accepting a file transfer request, Gaim will attempt to allocate
a buffer of a size equal to the entire filesize, this allocation
attempt will cause Gaim to crash if the size exceeds the amount of
available memory.

Gaim allocates a buffer for the payload of each message received based
on the size field in the header of the message. A malicious peer could
specify an invalid size that exceeds the amount of available memory.

See also :

http://gaim.sourceforge.net/security/?id=7
http://gaim.sourceforge.net/security/?id=8
http://www.nessus.org/u?a3a49a6f

Solution :

Update the affected packages.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 19168 (freebsd_pkg_f2d6a5e126b911d99289000c41e2cdad.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now