FreeBSD : Several remotely exploitable buffer overflows in gaim (6fd02439-5d70-11d8-80e3-0020ed76ef5a)
High Nessus Plugin ID 37025
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionStefan Esser of e-matters found almost a dozen remotely exploitable vulnerabilities in Gaim. From the e-matters advisory :
While developing a custom add-on, an integer overflow in the handling of AIM DirectIM packets was revealed that could lead to a remote compromise of the IM client. After disclosing this bug to the vendor, they had to make a hurried release because of a change in the Yahoo connection procedure that rendered GAIM useless. Unfourtunately at the same time a closer look onto the sourcecode revealed 11 more vulnerabilities.
The 12 identified problems range from simple standard stack overflows, over heap overflows to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging many of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement and MIM attacks on ordinary TCP sessions is a fairly simple task.
In combination with the latest kernel vulnerabilities or the habit of users to work as root/administrator these bugs can result in remote root compromises.
SolutionUpdate the affected packages.