CVE-2004-0785 Information

Description

Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages (2) a long hostname for the local system as obtained from DNS or (3) a long URL that is not properly handled by the URL decoder.

Reference

http://gaim.sourceforge.net/security/?id=3 http://gaim.sourceforge.net/security/?id=4 http://gaim.sourceforge.net/security/?id=5 http://secunia.com/advisories/12383 http://secunia.com/advisories/12480 http://secunia.com/advisories/12929 http://secunia.com/advisories/13101 http://securitytracker.com/id?1011083 http://www.fedoranews.org/updates/FEDORA-2004-278.shtml http://www.fedoranews.org/updates/FEDORA-2004-279.shtml http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml http://www.osvdb.org/9261 http://www.osvdb.org/9262 http://www.osvdb.org/9263 http://www.redhat.com/support/errata/RHSA-2004-400.html http://www.securityfocus.com/bid/11056 https://exchange.xforce.ibmcloud.com/vulnerabilities/17141 https://exchange.xforce.ibmcloud.com/vulnerabilities/17142 https://exchange.xforce.ibmcloud.com/vulnerabilities/17143 gaim-url-bo(17143) https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10907