FreeBSD : Several remotely exploitable buffer overflows in gaim (6fd02439-5d70-11d8-80e3-0020ed76ef5a)

This script is Copyright (C) 2009-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

Stefan Esser of e-matters found almost a dozen remotely exploitable
vulnerabilities in Gaim. From the e-matters advisory :

While developing a custom add-on, an integer overflow in the handling
of AIM DirectIM packets was revealed that could lead to a remote
compromise of the IM client. After disclosing this bug to the vendor,
they had to make a hurried release because of a change in the Yahoo
connection procedure that rendered GAIM useless. Unfortunately at the
same time a closer look onto the source code revealed 11 more
vulnerabilities.

The 12 identified problems range from simple standard stack overflows,
over heap overflows to an integer overflow that can be abused to cause
a heap overflow. Due to the nature of instant messaging many of these
bugs require man-in-the-middle attacks between client and server. But
the underlying protocols are easy to implement and MIM attacks on
ordinary TCP sessions are a fairly simple task.

In combination with the latest kernel vulnerabilities or the habit of
users to work as root/administrator these bugs can result in remote
root compromises.

See also :

http://www.nessus.org/u?fdb6dd3c
http://www.nessus.org/u?9f3bf97b

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 37025 (freebsd_pkg_6fd024395d7011d880e30020ed76ef5a.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0005
CVE-2004-0006
CVE-2004-0007
CVE-2004-0008
