FreeBSD : gaim -- Content-Length header denial-of-service vulnerability (ad61657d-26b9-11d9-9289-000c41e2cdad)

high Nessus Plugin ID 19078

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Sean infamous42md reports:

When a remote server provides a large 'content-length' header value, Gaim will attempt to allocate a buffer to store the content; however, this allocation attempt will cause Gaim to crash if the length exceeds the amount of possible memory. This happens when reading profile information on some protocols. It also happens when smiley themes are installed via drag and drop.

Solution

Update the affected packages.

See Also

http://www.pidgin.im/news/security/?id=6

http://www.nessus.org/u?566f8da0

Plugin Details

Severity: High

ID: 19078

File Name: freebsd_pkg_ad61657d26b911d99289000c41e2cdad.nasl

Version: 1.14

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gaim, p-cpe:/a:freebsd:freebsd:ja-gaim, p-cpe:/a:freebsd:freebsd:ko-gaim, p-cpe:/a:freebsd:freebsd:ru-gaim, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 10/25/2004

Vulnerability Publication Date: 8/26/2004