Gaim多个远程边界条件错误漏洞-一一网

漏洞信息详情

Gaim多个远程边界条件错误漏洞

CNNVD编号：CNNVD-200403-012

危害等级：高危
CVE编号：
CVE-2004-0006
漏洞类型：

边界条件错误
发布时间：

2004-01-26
威胁类型：

远程
更新时间：

2005-10-20
厂商：

rob_flynn
漏洞来源：
Stefan Esser※ s.es…

漏洞简介

Gaim是一款能多种协议进行即时通信的程序，Ultramagnetic是Gaim的派生程序。
Gaim对多种协议进行通信时存在边界条件错误问题，远程攻击者可以利用这个漏洞进行缓冲区溢出攻击，可能未授权访问使用此软件的主机系统。
在审核Gaim源代码时发现存在12个安全问题，具体如下：
YMSG协议(yahoo messenger)处理器存在缓冲区溢出：
01) Yahoo Octal-Encoding Decoder缓冲溢出
02) Yahoo Octal-Encoding Decoder越界缓冲区溢出
03) Yahoo Web Cookie解析缓冲区溢出
04) Yahoo登录页名解析缓冲区溢出
05) Yahoo登录页值解析缓冲区溢出
06) Yahoo包解析解析缓冲区溢出
oscar协议(AIM)处理器存在缓冲区溢出：
07) AIM/Oscar DirectIM整数溢出
08) quoted-printable编码解析溢出
09) Quoted Printable编码解析越界溢出
10) URL解析函数溢出
11) 展开Info字段函数溢出
12) HTTP代理连接溢出

漏洞公告

临时解决方法：
如果您不能立刻安装补丁或者升级，CNNVD建议您采取以下措施以降低威胁：

* 第三方补丁下载如下：

http://security.e-matters.de/patches/gaim-0.75-fix.diff” target=”_blank”>
http://security.e-matters.de/patches/gaim-0.75-fix.diff
厂商补丁：
MandrakeSoft
————
MandrakeSoft已经为此发布了一个安全公告(MDKSA-2004:006-1)以及相应补丁:

MDKSA-2004:006-1：Updated gaim packages fix multiple vulnerabilities

链接：http://www.linux-mandrake.com/en/security/2004/2004-006.php” target=”_blank”>
http://www.linux-mandrake.com/en/security/2004/2004-006.php

补丁下载：

Updated Packages:

Mandrake Linux 9.1:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/gaim-0.75-1.2.91mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/gaim-encrypt-0.75-1.2.91mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libgaim-remote0-0.75-1.2.91mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/RPMS/libgaim-remote0-devel-0.75-1.2.91mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.1/SRPMS/gaim-0.75-1.2.91mdk.src.rpm

Mandrake Linux 9.1/PPC:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/gaim-0.75-1.2.91mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/gaim-encrypt-0.75-1.2.91mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libgaim-remote0-0.75-1.2.91mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/RPMS/libgaim-remote0-devel-0.75-1.2.91mdk.ppc.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/ppc/9.1/SRPMS/gaim-0.75-1.2.91mdk.src.rpm

Mandrake Linux 9.2:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-0.75-1.2.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-encrypt-0.75-1.2.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-festival-0.75-1.2.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/gaim-perl-0.75-1.2.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libgaim-remote0-0.75-1.2.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/RPMS/libgaim-remote0-devel-0.75-1.2.92mdk.i586.rpm

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/9.2/SRPMS/gaim-0.75-1.2.92mdk.src.rpm

Mandrake Linux 9.2/AMD64:

ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/9.2/RPMS/gaim-0.75-1.2.92mdk.amd64.rpm

上述升级软件还可以在下列地址中的任意一个镜像ftp服务器上下载：

http://www.mandrakesecure.net/en/ftp.php” target=”_blank”>
http://www.mandrakesecure.net/en/ftp.php
RedHat
——
RedHat已经为此发布了一个安全公告(RHSA-2004:032-01)以及相应补丁:

RHSA-2004:032-01：Updated Gaim packages fix various vulnerabiliies

链接：https://www.redhat.com/support/errata/RHSA-2004-032.html” target=”_blank”>https://www.redhat.com/support/errata/RHSA-2004-032.html

补丁下载：

Red Hat Linux 9:

SRPMS:

ftp://updates.redhat.com/9/en/os/SRPMS/gaim-0.75-0.9.0.src.rpm

i386:

ftp://updates.redhat.com/9/en/os/i386/gaim-0.75-0.9.0.i386.rpm

可使用下列命令安装补丁：

rpm -Fvh [文件名]
S.u.S.E.
——–
S.u.S.E.已经为此发布了一个安全公告(SuSE-SA:2004:004)以及相应补丁:

SuSE-SA:2004:004：gaim

链接：

补丁下载：

Intel i386 Platform:

SuSE-9.0:

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gaim-0.67-65.i586.rpm

09f8d12dd52e246cf32dca8ad3374f39

patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/gaim-0.67-65.i586.patch.rpm

3a633e341b9e56facdbe0250b55dd33a

source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/gaim-0.67-65.src.rpm

5ee6a86077c0297a64815532782f7a54

SuSE-8.2:

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gaim-0.59.8-60.i586.rpm

7a269744304f72bf951c7bd6974560f2

patch rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/gaim-0.59.8-60.i586.patch.rpm

e7b18f0da02c1c4392dc1b03e835a827

source rpm(s):

ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/gaim-0.59.8-60.src.rpm

ae7d7b1c9735696244547a0d6a5ee92e

SuSE-8.1:

ftp://ftp.suse.com/pub/suse/i386/update/8.1/rpm/i586/gaim-0.59-158.i586.rpm

22b1d4b

参考网址

来源:US-CERT Vulnerability Note: VU#871838
名称: VU#871838
链接:http://www.kb.cert.org/vuls/id/871838

来源:US-CERT Vulnerability Note: VU#527142
名称: VU#527142
链接:http://www.kb.cert.org/vuls/id/527142

来源:US-CERT Vulnerability Note: VU#503030
名称: VU#503030
链接:http://www.kb.cert.org/vuls/id/503030

来源:US-CERT Vulnerability Note: VU#444158
名称: VU#444158
链接:http://www.kb.cert.org/vuls/id/444158

来源:US-CERT Vulnerability Note: VU#371382
名称: VU#371382
链接:http://www.kb.cert.org/vuls/id/371382

来源:US-CERT Vulnerability Note: VU#297198
名称: VU#297198
链接:http://www.kb.cert.org/vuls/id/297198

来源: REDHAT
名称: RHSA-2004:032
链接:http://www.redhat.com/support/errata/RHSA-2004-032.html

来源: ultramagnetic.sourceforge.net
链接:http://ultramagnetic.sourceforge.net/advisories/001.html

来源: security.e-matters.de
链接:http://security.e-matters.de/advisories/012004.html

来源: REDHAT
名称: RHSA-2004:045
链接:http://www.redhat.com/support/errata/RHSA-2004-045.html

来源: REDHAT
名称: RHSA-2004:033
链接:http://www.redhat.com/support/errata/RHSA-2004-033.html

来源: SUSE
名称: SuSE-SA:2004:004
链接:http://www.novell.com/linux/security/advisories/2004_04_gaim.html

来源: DEBIAN
名称: DSA-434
链接:http://www.debian.org/security/2004/dsa-434

来源: GENTOO
名称: GLSA-200401-04
链接:http://security.gentoo.org/glsa/glsa-200401-04.xml

来源: OVAL
名称: oval:org.mitre.oval:def:10222
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10222

来源: BUGTRAQ
名称: 20040126 Advisory 01/2004: 12 x Gaim remote overflows
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2

来源: SGI
名称: 20040201-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc

来源: XF
名称: gaim-http-proxy-bo(14947)
链接:http://xforce.iss.net/xforce/xfdb/14947

来源: XF
名称: gaim-urlparser-bo(14945)
链接:http://xforce.iss.net/xforce/xfdb/14945

来源: XF
名称: gaim-yahoopacketread-keyname-bo(14943)
链接:http://xforce.iss.net/xforce/xfdb/14943

来源: XF
名称: gaim-login-value-bo(14941)
链接:http://xforce.iss.net/xforce/xfdb/14941

来源: XF
名称: gaim-login-name-bo(14940)
链接:http://xforce.iss.net/xforce/xfdb/14940

来源: XF
名称: gaim-yahoowebpending-cookie-bo(14939)
链接:http://xforce.iss.net/xforce/xfdb/14939

来源: SLACKWARE
名称: SSA:2004-026
链接:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158

来源: SECTRACK
名称: 1008850
链接:http://www.securitytracker.com/id?1008850

来源: BID
名称: 9489
链接:http://www.securityfocus.com/bid/9489

来源: OSVDB
名称: 3732
链接:http://www.osvdb.org/3732

来源: OSVDB
名称: 3731
链接:http://www.osvdb.org/3731

来源: MANDRAKE
名称: MDKSA-2004:006
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2004:006

来源: BUGTRAQ
名称: 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2

来源: CONECTIVA
名称: CLA-2004:813
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813

来源: FULLDISC
名称: 20040126 Advisory 01/2004: 12 x Gaim remote overflows
链接:http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html

来源: SGI
名称: 20040202-01-U
链接:ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc

来源: US Government Resource: oval:org.mitre.oval:def:818
名称: oval:org.mitre.oval:def:818
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:818