CVE-2004-0891: Buffer Overflow
First published: Thu Oct 21 2004(Updated: )
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/gaim | <1.5.0+1.5.1 | 1.5.0+1.5.1 |
| ubuntu/gaim | <1.5.0+1.5.1 | 1.5.0+1.5.1 |
| ubuntu/gaim | <1.5.0+1.5.1 | 1.5.0+1.5.1 |
| debian/gaim | ||
| Gaim | =0.10 | |
| Gaim | =0.10.3 | |
| Gaim | =0.50 | |
| Gaim | =0.51 | |
| Gaim | =0.52 | |
| Gaim | =0.53 | |
| Gaim | =0.54 | |
| Gaim | =0.55 | |
| Gaim | =0.56 | |
| Gaim | =0.57 | |
| Gaim | =0.58 | |
| Gaim | =0.59 | |
| Gaim | =0.59.1 | |
| Gaim | =0.60 | |
| Gaim | =0.61 | |
| Gaim | =0.62 | |
| Gaim | =0.63 | |
| Gaim | =0.64 | |
| Gaim | =0.65 | |
| Gaim | =0.66 | |
| Gaim | =0.67 | |
| Gaim | =0.68 | |
| Gaim | =0.69 | |
| Gaim | =0.70 | |
| Gaim | =0.71 | |
| Gaim | =0.72 | |
| Gaim | =0.73 | |
| Gaim | =0.74 | |
| Gaim | =0.75 | |
| Gaim | =0.78 | |
| Gaim | =0.82 | |
| Gaim | =0.82.1 | |
| Gaim | =1.0 | |
| Gaim | =1.0.1 | |
| Gentoo Linux | ||
| Gentoo Linux | =1.4 | |
| Slackware Linux | =9.0 | |
| Slackware Linux | =9.1 | |
| Slackware Linux | =10.0 | |
| Slackware Linux | =current | |
| Ubuntu Linux | =4.1 | |
| Ubuntu Linux | =4.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.redhat.com/support/errata/RHSA-2004-604.html
- http://gaim.sourceforge.net/security/?id=9
- https://bugzilla.fedora.us/show_bug.cgi?id=2188
- http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
- https://www.ubuntu.com/usn/usn-8-1/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17790
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17787
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17786
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790
- https://ubuntu.com/security/notices/USN-8-1
- https://www.cve.org/CVERecord?id=CVE-2004-0891
- https://nvd.nist.gov/vuln/detail/CVE-2004-0891
- https://launchpad.net/bugs/cve/CVE-2004-0891
- https://security-tracker.debian.org/tracker/CVE-2004-0891
- https://ubuntu.com/security/CVE-2004-0891
Frequently Asked Questions
What is the severity of CVE-2004-0891?
The severity of CVE-2004-0891 is high due to its potential to cause application crashes and arbitrary code execution.
How do I fix CVE-2004-0891?
To fix CVE-2004-0891, upgrade to gaim version 1.5.0 or later.
What software is affected by CVE-2004-0891?
CVE-2004-0891 affects gaim versions 0.79 through 1.0.1, among others.
Can CVE-2004-0891 lead to a denial of service?
Yes, CVE-2004-0891 can lead to a denial of service by crashing the application.
Is CVE-2004-0891 still a risk with updated software?
CVE-2004-0891 should no longer pose a risk if the software has been updated to the fixed version.
- agent/type
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/severity
- agent/weakness
- agent/references
- agent/description
- collector/launchpad-cve
- source/Launchpad
- collector/security-tracker-debian
- source/Debian
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/rob flynn
- product/gaim
- canonical/rob flynn gaim
- vendor/slackware
- product/slackware linux
- canonical/slackware slackware linux
- vendor/ubuntu
- product/ubuntu linux
- canonical/ubuntu ubuntu linux
- vendor/gentoo
- product/linux
- canonical/gentoo linux
- collector/nvd-cve
- source/NVD
- package-manager/ubuntu
- package-manager/debian
- canonical/gaim
- version/gaim/0.10
- version/gaim/0.10.3
- version/gaim/0.50
- version/gaim/0.51
- version/gaim/0.52
- version/gaim/0.53
- version/gaim/0.54
- version/gaim/0.55
- version/gaim/0.56
- version/gaim/0.57
- version/gaim/0.58
- version/gaim/0.59
- version/gaim/0.59.1
- version/gaim/0.60
- version/gaim/0.61
- version/gaim/0.62
- version/gaim/0.63
- version/gaim/0.64
- version/gaim/0.65
- version/gaim/0.66
- version/gaim/0.67
- version/gaim/0.68
- version/gaim/0.69
- version/gaim/0.70
- version/gaim/0.71
- version/gaim/0.72
- version/gaim/0.73
- version/gaim/0.74
- version/gaim/0.75
- version/gaim/0.78
- version/gaim/0.82
- version/gaim/0.82.1
- version/gaim/1.0
- version/gaim/1.0.1
- version/gentoo linux/1.4
- canonical/slackware linux
- version/slackware linux/9.0
- version/slackware linux/9.1
- version/slackware linux/10.0
- version/slackware linux/current
- canonical/ubuntu linux
- version/ubuntu linux/4.1