FreeBSD : Several remotely exploitable buffer overflows in gaim (6fd02439-5d70-11d8-80e3-0020ed76ef5a)

High Nessus Plugin ID 37025


The remote FreeBSD host is missing one or more security-related updates.


Stefan Esser of e-matters found almost a dozen remotely exploitable vulnerabilities in Gaim. From the e-matters advisory:

While developing a custom add-on, an integer overflow in the handling of AIM DirectIM packets was revealed that could lead to a remote compromise of the IM client. After disclosing this bug to the vendor, they had to make a hurried release because of a change in the Yahoo connection procedure that rendered GAIM useless. Unfortunately, at the same time a closer look at the source code revealed 11 more vulnerabilities.

The 12 identified problems range from simple standard stack overflows, through heap overflows, to an integer overflow that can be abused to cause a heap overflow. Due to the nature of instant messaging, many of these bugs require man-in-the-middle attacks between client and server. But the underlying protocols are easy to implement, and MIM attacks on ordinary TCP sessions are a fairly simple task.

In combination with the latest kernel vulnerabilities or the habit of users to work as root/administrator these bugs can result in remote root compromises.


Update the affected packages.

Plugin Details

Severity: High

ID: 37025

File Name: freebsd_pkg_6fd024395d7011d880e30020ed76ef5a.nasl

Version: $Revision: 1.10 $

Type: local

Published: 2009/04/23

Modified: 2013/08/09

Dependencies: 12634

Risk Information

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gaim, p-cpe:/a:freebsd:freebsd:ja-gaim, p-cpe:/a:freebsd:freebsd:ko-gaim, p-cpe:/a:freebsd:freebsd:ru-gaim, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2004/02/12

Vulnerability Publication Date: 2004/01/26

Reference Information

CVE: CVE-2004-0005, CVE-2004-0006, CVE-2004-0007, CVE-2004-0008