cvelistv5 - cve-2004-0006

CVE-2004-0006 (GCVE-0-2004-0006)

Vulnerability from cvelistv5 – Published: 2004-01-29 05:00 – Updated: 2024-08-08 00:01

Summary

Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
	http://www.securityfocus.com/bid/9489	vdb-entryx_refsource_BID
	http://www.debian.org/security/2004/dsa-434	vendor-advisoryx_refsource_DEBIAN
	ftp://patches.sgi.com/support/free/security/advis…	vendor-advisoryx_refsource_SGI
	http://www.redhat.com/support/errata/RHSA-2004-032.html	vendor-advisoryx_refsource_REDHAT
	http://www.novell.com/linux/security/advisories/2…	vendor-advisoryx_refsource_SUSE
	http://www.osvdb.org/3732	vdb-entryx_refsource_OSVDB
	http://www.slackware.com/security/viewer.php?l=sl…	vendor-advisoryx_refsource_SLACKWARE
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://www.kb.cert.org/vuls/id/871838	third-party-advisoryx_refsource_CERT-VN
	http://www.kb.cert.org/vuls/id/444158	third-party-advisoryx_refsource_CERT-VN
	http://marc.info/?l=bugtraq&m=107513690306318&w=2	mailing-listx_refsource_BUGTRAQ
	http://www.kb.cert.org/vuls/id/297198	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
	http://ultramagnetic.sourceforge.net/advisories/0…	x_refsource_CONFIRM
	http://security.gentoo.org/glsa/glsa-200401-04.xml	vendor-advisoryx_refsource_GENTOO
	http://www.securitytracker.com/id?1008850	vdb-entryx_refsource_SECTRACK
	http://marc.info/?l=bugtraq&m=107522432613022&w=2	mailing-listx_refsource_BUGTRAQ
	http://security.e-matters.de/advisories/012004.html	x_refsource_MISC
	http://www.redhat.com/support/errata/RHSA-2004-033.html	vendor-advisoryx_refsource_REDHAT
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRAKE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://archives.neohapsis.com/archives/fulldisclo…	mailing-listx_refsource_FULLDISC
	http://www.kb.cert.org/vuls/id/527142	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://www.kb.cert.org/vuls/id/371382	third-party-advisoryx_refsource_CERT-VN
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://distro.conectiva.com.br/atualizacoes/?id=a…	vendor-advisoryx_refsource_CONECTIVA
	http://www.osvdb.org/3731	vdb-entryx_refsource_OSVDB
	http://www.kb.cert.org/vuls/id/503030	third-party-advisoryx_refsource_CERT-VN
	http://www.redhat.com/support/errata/RHSA-2004-045.html	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:01:23.633Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20040202-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
          },
          {
            "name": "9489",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/9489"
          },
          {
            "name": "DSA-434",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2004/dsa-434"
          },
          {
            "name": "20040201-01-U",
            "tags": [
              "vendor-advisory",
              "x_refsource_SGI",
              "x_transferred"
            ],
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
          },
          {
            "name": "RHSA-2004:032",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
          },
          {
            "name": "SuSE-SA:2004:004",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
          },
          {
            "name": "3732",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3732"
          },
          {
            "name": "SSA:2004-026",
            "tags": [
              "vendor-advisory",
              "x_refsource_SLACKWARE",
              "x_transferred"
            ],
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
          },
          {
            "name": "oval:org.mitre.oval:def:818",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
          },
          {
            "name": "VU#871838",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/871838"
          },
          {
            "name": "VU#444158",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/444158"
          },
          {
            "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
          },
          {
            "name": "VU#297198",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/297198"
          },
          {
            "name": "gaim-login-value-bo(14941)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
          },
          {
            "name": "oval:org.mitre.oval:def:10222",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
          },
          {
            "name": "GLSA-200401-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
          },
          {
            "name": "1008850",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1008850"
          },
          {
            "name": "20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://security.e-matters.de/advisories/012004.html"
          },
          {
            "name": "RHSA-2004:033",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
          },
          {
            "name": "MDKSA-2004:006",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRAKE",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
          },
          {
            "name": "gaim-yahoowebpending-cookie-bo(14939)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
          },
          {
            "name": "gaim-http-proxy-bo(14947)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
          },
          {
            "name": "gaim-login-name-bo(14940)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
          },
          {
            "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
          },
          {
            "name": "VU#527142",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/527142"
          },
          {
            "name": "gaim-urlparser-bo(14945)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
          },
          {
            "name": "VU#371382",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/371382"
          },
          {
            "name": "gaim-yahoopacketread-keyname-bo(14943)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
          },
          {
            "name": "CLA-2004:813",
            "tags": [
              "vendor-advisory",
              "x_refsource_CONECTIVA",
              "x_transferred"
            ],
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
          },
          {
            "name": "3731",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/3731"
          },
          {
            "name": "VU#503030",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/503030"
          },
          {
            "name": "RHSA-2004:045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-01-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-10T00:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20040202-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
        },
        {
          "name": "9489",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/9489"
        },
        {
          "name": "DSA-434",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2004/dsa-434"
        },
        {
          "name": "20040201-01-U",
          "tags": [
            "vendor-advisory",
            "x_refsource_SGI"
          ],
          "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
        },
        {
          "name": "RHSA-2004:032",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
        },
        {
          "name": "SuSE-SA:2004:004",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
        },
        {
          "name": "3732",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3732"
        },
        {
          "name": "SSA:2004-026",
          "tags": [
            "vendor-advisory",
            "x_refsource_SLACKWARE"
          ],
          "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
        },
        {
          "name": "oval:org.mitre.oval:def:818",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
        },
        {
          "name": "VU#871838",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/871838"
        },
        {
          "name": "VU#444158",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/444158"
        },
        {
          "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
        },
        {
          "name": "VU#297198",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/297198"
        },
        {
          "name": "gaim-login-value-bo(14941)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
        },
        {
          "name": "oval:org.mitre.oval:def:10222",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
        },
        {
          "name": "GLSA-200401-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
        },
        {
          "name": "1008850",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1008850"
        },
        {
          "name": "20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://security.e-matters.de/advisories/012004.html"
        },
        {
          "name": "RHSA-2004:033",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
        },
        {
          "name": "MDKSA-2004:006",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRAKE"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
        },
        {
          "name": "gaim-yahoowebpending-cookie-bo(14939)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
        },
        {
          "name": "gaim-http-proxy-bo(14947)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
        },
        {
          "name": "gaim-login-name-bo(14940)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
        },
        {
          "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
        },
        {
          "name": "VU#527142",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/527142"
        },
        {
          "name": "gaim-urlparser-bo(14945)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
        },
        {
          "name": "VU#371382",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/371382"
        },
        {
          "name": "gaim-yahoopacketread-keyname-bo(14943)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
        },
        {
          "name": "CLA-2004:813",
          "tags": [
            "vendor-advisory",
            "x_refsource_CONECTIVA"
          ],
          "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
        },
        {
          "name": "3731",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/3731"
        },
        {
          "name": "VU#503030",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/503030"
        },
        {
          "name": "RHSA-2004:045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0006",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20040202-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
            },
            {
              "name": "9489",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/9489"
            },
            {
              "name": "DSA-434",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2004/dsa-434"
            },
            {
              "name": "20040201-01-U",
              "refsource": "SGI",
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
            },
            {
              "name": "RHSA-2004:032",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
            },
            {
              "name": "SuSE-SA:2004:004",
              "refsource": "SUSE",
              "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
            },
            {
              "name": "3732",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3732"
            },
            {
              "name": "SSA:2004-026",
              "refsource": "SLACKWARE",
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
            },
            {
              "name": "oval:org.mitre.oval:def:818",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
            },
            {
              "name": "VU#871838",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/871838"
            },
            {
              "name": "VU#444158",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/444158"
            },
            {
              "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
            },
            {
              "name": "VU#297198",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/297198"
            },
            {
              "name": "gaim-login-value-bo(14941)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
            },
            {
              "name": "oval:org.mitre.oval:def:10222",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
            },
            {
              "name": "http://ultramagnetic.sourceforge.net/advisories/001.html",
              "refsource": "CONFIRM",
              "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
            },
            {
              "name": "GLSA-200401-04",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
            },
            {
              "name": "1008850",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1008850"
            },
            {
              "name": "20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code",
              "refsource": "BUGTRAQ",
              "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
            },
            {
              "name": "http://security.e-matters.de/advisories/012004.html",
              "refsource": "MISC",
              "url": "http://security.e-matters.de/advisories/012004.html"
            },
            {
              "name": "RHSA-2004:033",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
            },
            {
              "name": "MDKSA-2004:006",
              "refsource": "MANDRAKE",
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
            },
            {
              "name": "gaim-yahoowebpending-cookie-bo(14939)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
            },
            {
              "name": "gaim-http-proxy-bo(14947)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
            },
            {
              "name": "gaim-login-name-bo(14940)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
            },
            {
              "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
            },
            {
              "name": "VU#527142",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/527142"
            },
            {
              "name": "gaim-urlparser-bo(14945)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
            },
            {
              "name": "VU#371382",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/371382"
            },
            {
              "name": "gaim-yahoopacketread-keyname-bo(14943)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
            },
            {
              "name": "CLA-2004:813",
              "refsource": "CONECTIVA",
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
            },
            {
              "name": "3731",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/3731"
            },
            {
              "name": "VU#503030",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/503030"
            },
            {
              "name": "RHSA-2004:045",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0006",
    "datePublished": "2004-01-29T05:00:00",
    "dateReserved": "2004-01-05T00:00:00",
    "dateUpdated": "2024-08-08T00:01:23.633Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:rob_flynn:gaim:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.75\", \"matchCriteriaId\": \"0207F046-59D5-4F9B-89FC-E789D83D939C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"0.81\", \"matchCriteriaId\": \"6A512FDD-F4A5-455F-B0B0-9F35EE432586\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de b\\u00fafer en Gaim 0.75 y anteriores, y Ultramagnetic anteriores a de 0.81, permite a atacantes remotos causar una denegaci\\u00f3n de servicio y posiblemente ejecutar c\\u00f3digo arbitrario.\"}]",
      "id": "CVE-2004-0006",
      "lastModified": "2024-11-20T23:47:34.117",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": true, \"userInteractionRequired\": false}]}",
      "published": "2004-03-03T05:00:00.000",
      "references": "[{\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://security.e-matters.de/advisories/012004.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200401-04.xml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://ultramagnetic.sourceforge.net/advisories/001.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2004/dsa-434\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/297198\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/371382\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/444158\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/503030\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/527142\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/871838\", \"source\": \"cve@mitre.org\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2004:006\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2004_04_gaim.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/3731\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/3732\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2004-032.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2004-033.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2004-045.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/9489\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securitytracker.com/id?1008850\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14939\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14940\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14941\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14943\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14945\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14947\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818\", \"source\": \"cve@mitre.org\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://security.e-matters.de/advisories/012004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://security.gentoo.org/glsa/glsa-200401-04.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://ultramagnetic.sourceforge.net/advisories/001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2004/dsa-434\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/297198\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/371382\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/444158\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/503030\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/527142\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.kb.cert.org/vuls/id/871838\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2004:006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.novell.com/linux/security/advisories/2004_04_gaim.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/3731\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/3732\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2004-032.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2004-033.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2004-045.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/9489\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id?1008850\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14939\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14940\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14941\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14943\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14945\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/14947\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-0006\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2004-03-03T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de b\u00fafer en Gaim 0.75 y anteriores, y Ultramagnetic anteriores a de 0.81, permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:rob_flynn:gaim:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.75\",\"matchCriteriaId\":\"0207F046-59D5-4F9B-89FC-E789D83D939C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"0.81\",\"matchCriteriaId\":\"6A512FDD-F4A5-455F-B0B0-9F35EE432586\"}]}]}],\"references\":[{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://security.e-matters.de/advisories/012004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200401-04.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ultramagnetic.sourceforge.net/advisories/001.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2004/dsa-434\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.kb.cert.org/vuls/id/297198\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/371382\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/444158\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/503030\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/527142\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/871838\",\"source\":\"cve@mitre.org\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:006\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2004_04_gaim.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/3731\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/3732\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-032.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-033.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-045.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/9489\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securitytracker.com/id?1008850\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14939\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14940\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14941\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14943\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14945\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14947\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818\",\"source\":\"cve@mitre.org\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://security.e-matters.de/advisories/012004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200401-04.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://ultramagnetic.sourceforge.net/advisories/001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2004/dsa-434\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/297198\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/371382\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/444158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/503030\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/527142\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/871838\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2004:006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.novell.com/linux/security/advisories/2004_04_gaim.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/3731\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/3732\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-032.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-033.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2004-045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/9489\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1008850\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14939\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14940\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14941\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14943\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/14947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2004-0006

Vulnerability from fkie_nvd - Published: 2004-03-03 05:00 - Updated: 2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
cve@mitre.org	ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
cve@mitre.org	http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
cve@mitre.org	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
cve@mitre.org	http://marc.info/?l=bugtraq&m=107513690306318&w=2
cve@mitre.org	http://marc.info/?l=bugtraq&m=107522432613022&w=2
cve@mitre.org	http://security.e-matters.de/advisories/012004.html	Patch, Vendor Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200401-04.xml	Vendor Advisory
cve@mitre.org	http://ultramagnetic.sourceforge.net/advisories/001.html	Patch, Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2004/dsa-434
cve@mitre.org	http://www.kb.cert.org/vuls/id/297198	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/371382	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/444158	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/503030	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/527142	US Government Resource
cve@mitre.org	http://www.kb.cert.org/vuls/id/871838	US Government Resource
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
cve@mitre.org	http://www.novell.com/linux/security/advisories/2004_04_gaim.html
cve@mitre.org	http://www.osvdb.org/3731
cve@mitre.org	http://www.osvdb.org/3732
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-032.html	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-033.html
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2004-045.html
cve@mitre.org	http://www.securityfocus.com/bid/9489
cve@mitre.org	http://www.securitytracker.com/id?1008850
cve@mitre.org	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/14939
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/14940
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/14941
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/14943
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/14945
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/14947
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222
cve@mitre.org	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
af854a3a-2127-422b-91ae-364da2661108	ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
af854a3a-2127-422b-91ae-364da2661108	http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
af854a3a-2127-422b-91ae-364da2661108	http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=107513690306318&w=2
af854a3a-2127-422b-91ae-364da2661108	http://marc.info/?l=bugtraq&m=107522432613022&w=2
af854a3a-2127-422b-91ae-364da2661108	http://security.e-matters.de/advisories/012004.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200401-04.xml	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://ultramagnetic.sourceforge.net/advisories/001.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2004/dsa-434
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/297198	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/371382	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/444158	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/503030	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/527142	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/871838	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/linux/security/advisories/2004_04_gaim.html
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/3731
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/3732
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2004-032.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2004-033.html
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2004-045.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/9489
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1008850
af854a3a-2127-422b-91ae-364da2661108	http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/14939
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/14940
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/14941
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/14943
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/14945
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/14947
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222
af854a3a-2127-422b-91ae-364da2661108	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818

Impacted products

	Vendor	Product	Version
	rob_flynn	gaim	*
	ultramagnetic	ultramagnetic	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:rob_flynn:gaim:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0207F046-59D5-4F9B-89FC-E789D83D939C",
              "versionEndIncluding": "0.75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A512FDD-F4A5-455F-B0B0-9F35EE432586",
              "versionEndIncluding": "0.81",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de b\u00fafer en Gaim 0.75 y anteriores, y Ultramagnetic anteriores a de 0.81, permite a atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario."
    }
  ],
  "id": "CVE-2004-0006",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2004-03-03T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.e-matters.de/advisories/012004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2004/dsa-434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/297198"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/371382"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/444158"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/503030"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/527142"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/871838"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3731"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3732"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/9489"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1008850"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://security.e-matters.de/advisories/012004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2004/dsa-434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/297198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/371382"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/444158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/503030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/527142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/871838"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3731"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3732"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/9489"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1008850"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

RHSA-2004_045

Vulnerability from csaf_redhat - Published: 2004-02-09 18:36 - Updated: 2024-11-21 22:56

Summary

Red Hat Security Advisory: gaim security update

Notes

Topic

Updated Gaim packages that fix a pair of security vulnerabilities are now available.

Details

Gaim is an instant messenger client that can handle multiple protocols. Stefan Esser audited the Gaim source code and found a number of bugs that have security implications. Many of these bugs do not affect the version of Gaim distributed with version 2.1 of Red Hat Enterprise Linux. A buffer overflow exists in the HTTP Proxy connect code. If Gaim is configured to use an HTTP proxy for connecting to a server, a malicious HTTP proxy could run arbitrary code as the user running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0006 to this issue. An integer overflow in Gaim 0.74 and earlier, when allocating memory for a directIM packet for AIM/Oscar, results in heap overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0008 to this issue. Users of Gaim should upgrade to these erratum packages, which contain a backported security patch correcting this issue. Red Hat would like to thank Steffan Esser for finding and reporting these issues and Jacques A. Vidrine for providing initial patches.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Gaim packages that fix a pair of security vulnerabilities are now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gaim is an instant messenger client that can handle multiple protocols.\n\nStefan Esser audited the Gaim source code and found a number of bugs that\nhave security implications.  Many of these bugs do not affect the version\nof Gaim distributed with version 2.1 of Red Hat Enterprise Linux. \n\nA buffer overflow exists in the HTTP Proxy connect code.  If Gaim is\nconfigured to use an HTTP proxy for connecting to a server, a malicious\nHTTP proxy could run arbitrary code as the user running Gaim.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0006 to this issue.\n\nAn integer overflow in Gaim 0.74 and earlier, when allocating memory for a\ndirectIM packet for AIM/Oscar, results in heap overflow. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0008 to this issue.\n\nUsers of Gaim should upgrade to these erratum packages, which contain\na backported security patch correcting this issue.\n\nRed Hat would like to thank Steffan Esser for finding and reporting these\nissues and Jacques A. Vidrine for providing initial patches.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:045",
        "url": "https://access.redhat.com/errata/RHSA-2004:045"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012004.txt",
        "url": "http://security.e-matters.de/advisories/012004.txt"
      },
      {
        "category": "external",
        "summary": "113844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=113844"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_045.json"
      }
    ],
    "title": "Red Hat Security Advisory: gaim security update",
    "tracking": {
      "current_release_date": "2024-11-21T22:56:23+00:00",
      "generator": {
        "date": "2024-11-21T22:56:23+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:045",
      "initial_release_date": "2004-02-09T18:36:00+00:00",
      "revision_history": [
        {
          "date": "2004-02-09T18:36:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-02-09T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:56:23+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0006",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617131",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-02-09T18:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:045"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0008",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-02-09T18:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:045"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2004:033

Vulnerability from csaf_redhat - Published: 2004-01-26 19:01 - Updated: 2004-01-19 00:00

Summary

Red Hat Security Advisory: gaim security update

Notes

Topic

Updated Gaim packages that fix a number of serious vulnerabilities are now available.

Details

Gaim is an instant messenger client that can handle multiple protocols. Stefan Esser audited the Gaim source code and found a number of bugs that have security implications. Due to the nature of instant messaging many of these bugs require man-in-the-middle attacks between client and server. However at least one of the buffer overflows could be exploited by an attacker sending a carefully-constructed malicious message through a server. The issues include: Multiple buffer overflows that affect versions of Gaim 0.75 and earlier. 1) When parsing cookies in a Yahoo web connection, 2) YMSG protocol overflows parsing the Yahoo login webpage, 3) a YMSG packet overflow, 4) flaws in the URL parser, and 5) flaws in HTTP Proxy connect. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0006 to these issues. A buffer overflow in Gaim 0.74 and earlier in the Extract Info Field Function used for MSN and YMSG protocol handlers. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0007 to this issue. An integer overflow in Gaim 0.74 and earlier, when allocating memory for a directIM packet results in heap overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0008 to this issue. All users of Gaim should upgrade to these erratum packages, which contain backported security patches correcting these issues. Red Hat would like to thank Steffan Esser for finding and reporting these issues and Jacques A. Vidrine for providing initial patches.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Gaim packages that fix a number of serious vulnerabilities are now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gaim is an instant messenger client that can handle multiple protocols.\n\nStefan Esser audited the Gaim source code and found a number of bugs that\nhave security implications.  Due to the nature of instant messaging many of\nthese bugs require man-in-the-middle attacks between client and server.\nHowever at least one of the buffer overflows could be exploited by an\nattacker sending a carefully-constructed malicious message through a server.\n\nThe issues include:\n\nMultiple buffer overflows that affect versions of Gaim 0.75 and earlier. \n1) When parsing cookies in a Yahoo web connection, 2) YMSG protocol\noverflows parsing the Yahoo login webpage, 3) a YMSG packet overflow, 4)\nflaws in the URL parser, and 5) flaws in HTTP Proxy connect.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0006 to these issues.\n\nA buffer overflow in Gaim 0.74 and earlier in the Extract Info\nField Function used for MSN and YMSG protocol handlers. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0007 to this issue.\n\nAn integer overflow in Gaim 0.74 and earlier, when allocating\nmemory for a directIM packet results in heap overflow.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0008 to this issue.\n\nAll users of Gaim should upgrade to these erratum packages, which contain\nbackported security patches correcting these issues.  \n\nRed Hat would like to thank Steffan Esser for finding and reporting these\nissues and Jacques A. Vidrine for providing initial patches.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:033",
        "url": "https://access.redhat.com/errata/RHSA-2004:033"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2004/rhsa-2004_033.json"
      }
    ],
    "title": "Red Hat Security Advisory: gaim security update",
    "tracking": {
      "current_release_date": "2004-01-19T00:00:00Z",
      "generator": {
        "date": "2023-06-30T19:09:00Z",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.18.0"
        }
      },
      "id": "RHSA-2004:033",
      "initial_release_date": "2004-01-26T19:01:00Z",
      "revision_history": [
        {
          "date": "2004-01-19T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "Red Hat Enterprise Linux"
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0006",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "CVE-2004-0006",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "bz#1617131: CVE-2004-0006 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        }
      ],
      "release_date": "2004-01-26T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2004:033"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-0006 security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0007",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617132"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "CVE-2004-0007",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "bz#1617132: CVE-2004-0007 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617132"
        }
      ],
      "release_date": "2004-01-26T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2004:033"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-0007 security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0008",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "CVE-2004-0008",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "bz#1617133: CVE-2004-0008 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        }
      ],
      "release_date": "2004-01-26T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2004:033"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "CVE-2004-0008 security flaw"
    }
  ]
}

RHSA-2004_032

Vulnerability from csaf_redhat - Published: 2004-01-26 17:38 - Updated: 2024-11-21 22:56

Summary

Red Hat Security Advisory: : Updated Gaim packages fix various vulnerabiliies

Notes

Topic

Updated Gaim packages that fix a number of serious vulnerabilities are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Gaim packages that fix a number of serious vulnerabilities are now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gaim is an instant messenger client that can handle multiple protocols.\n\nStefan Esser audited the Gaim source code and found a number of bugs that\nhave security implications.  Due to the nature of instant messaging many of\nthese bugs require man-in-the-middle attacks between client and server.\nHowever at least one of the buffer overflows could be exploited by an\nattacker sending a carefully-constructed malicious message through a server.\n\nThe issues include:\n\nMultiple buffer overflows that affect versions of Gaim 0.75 and earlier. \n1) When parsing cookies in a Yahoo web connection, 2) YMSG protocol\noverflows parsing the Yahoo login webpage, 3) a YMSG packet overflow, 4)\nflaws in the URL parser, and 5) flaws in HTTP Proxy connect.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0006 to these issues.\n\nA buffer overflow in Gaim 0.74 and earlier in the Extract Info\nField Function used for MSN and YMSG protocol handlers. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0007 to this issue.\n\nAn integer overflow in Gaim 0.74 and earlier, when allocating\nmemory for a directIM packet results in heap overflow.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0008 to this issue.\n\nAll users of Gaim should upgrade to these erratum packages, which contain\nbackported security patches correcting these issues.  \n\nRed Hat would like to thank Steffan Esser for finding and reporting these\nissues and Jacques A. Vidrine for providing initial patches.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:032",
        "url": "https://access.redhat.com/errata/RHSA-2004:032"
      },
      {
        "category": "external",
        "summary": "113845",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=113845"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_032.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated Gaim packages fix various vulnerabiliies",
    "tracking": {
      "current_release_date": "2024-11-21T22:56:19+00:00",
      "generator": {
        "date": "2024-11-21T22:56:19+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2004:032",
      "initial_release_date": "2004-01-26T17:38:00+00:00",
      "revision_history": [
        {
          "date": "2004-01-26T17:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-01-19T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T22:56:19+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0006",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617131",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-26T17:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:032"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0007",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617132"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617132",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617132"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-26T17:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:032"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0008",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-26T17:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:032"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2004:045

Vulnerability from csaf_redhat - Published: 2004-02-09 18:36 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: gaim security update

Notes

Topic

Updated Gaim packages that fix a pair of security vulnerabilities are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Gaim packages that fix a pair of security vulnerabilities are now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gaim is an instant messenger client that can handle multiple protocols.\n\nStefan Esser audited the Gaim source code and found a number of bugs that\nhave security implications.  Many of these bugs do not affect the version\nof Gaim distributed with version 2.1 of Red Hat Enterprise Linux. \n\nA buffer overflow exists in the HTTP Proxy connect code.  If Gaim is\nconfigured to use an HTTP proxy for connecting to a server, a malicious\nHTTP proxy could run arbitrary code as the user running Gaim.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0006 to this issue.\n\nAn integer overflow in Gaim 0.74 and earlier, when allocating memory for a\ndirectIM packet for AIM/Oscar, results in heap overflow. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0008 to this issue.\n\nUsers of Gaim should upgrade to these erratum packages, which contain\na backported security patch correcting this issue.\n\nRed Hat would like to thank Steffan Esser for finding and reporting these\nissues and Jacques A. Vidrine for providing initial patches.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:045",
        "url": "https://access.redhat.com/errata/RHSA-2004:045"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "external",
        "summary": "http://security.e-matters.de/advisories/012004.txt",
        "url": "http://security.e-matters.de/advisories/012004.txt"
      },
      {
        "category": "external",
        "summary": "113844",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=113844"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_045.json"
      }
    ],
    "title": "Red Hat Security Advisory: gaim security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:58+00:00",
      "generator": {
        "date": "2025-11-21T17:26:58+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2004:045",
      "initial_release_date": "2004-02-09T18:36:00+00:00",
      "revision_history": [
        {
          "date": "2004-02-09T18:36:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-02-09T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:58+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0006",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617131",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-02-09T18:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:045"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0008",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-02-09T18:36:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:045"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2004_033

Vulnerability from csaf_redhat - Published: 2004-01-26 19:01 - Updated: 2004-01-19 00:00

Summary

Red Hat Security Advisory: gaim security update

Notes

Topic

Updated Gaim packages that fix a number of serious vulnerabilities are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 2023 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Gaim packages that fix a number of serious vulnerabilities are now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gaim is an instant messenger client that can handle multiple protocols.\n\nStefan Esser audited the Gaim source code and found a number of bugs that\nhave security implications.  Due to the nature of instant messaging many of\nthese bugs require man-in-the-middle attacks between client and server.\nHowever at least one of the buffer overflows could be exploited by an\nattacker sending a carefully-constructed malicious message through a server.\n\nThe issues include:\n\nMultiple buffer overflows that affect versions of Gaim 0.75 and earlier. \n1) When parsing cookies in a Yahoo web connection, 2) YMSG protocol\noverflows parsing the Yahoo login webpage, 3) a YMSG packet overflow, 4)\nflaws in the URL parser, and 5) flaws in HTTP Proxy connect.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0006 to these issues.\n\nA buffer overflow in Gaim 0.74 and earlier in the Extract Info\nField Function used for MSN and YMSG protocol handlers. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0007 to this issue.\n\nAn integer overflow in Gaim 0.74 and earlier, when allocating\nmemory for a directIM packet results in heap overflow.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0008 to this issue.\n\nAll users of Gaim should upgrade to these erratum packages, which contain\nbackported security patches correcting these issues.  \n\nRed Hat would like to thank Steffan Esser for finding and reporting these\nissues and Jacques A. Vidrine for providing initial patches.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:033",
        "url": "https://access.redhat.com/errata/RHSA-2004:033"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#critical",
        "url": "https://access.redhat.com/security/updates/classification/#critical"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2004/rhsa-2004_033.json"
      }
    ],
    "title": "Red Hat Security Advisory: gaim security update",
    "tracking": {
      "current_release_date": "2004-01-19T00:00:00Z",
      "generator": {
        "date": "2023-06-30T19:09:00Z",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.18.0"
        }
      },
      "id": "RHSA-2004:033",
      "initial_release_date": "2004-01-26T19:01:00Z",
      "revision_history": [
        {
          "date": "2004-01-19T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_family",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "Red Hat Enterprise Linux"
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0006",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "CVE-2004-0006",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "bz#1617131: CVE-2004-0006 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        }
      ],
      "release_date": "2004-01-26T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2004:033"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-0006 security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0007",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617132"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "CVE-2004-0007",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "bz#1617132: CVE-2004-0007 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617132"
        }
      ],
      "release_date": "2004-01-26T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2004:033"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "CVE-2004-0007 security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0008",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla",
          "text": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "CVE-2004-0008",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "bz#1617133: CVE-2004-0008 security flaw",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        }
      ],
      "release_date": "2004-01-26T00:00:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Enterprise Linux"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2004:033"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "CVE-2004-0008 security flaw"
    }
  ]
}

RHSA-2004:032

Vulnerability from csaf_redhat - Published: 2004-01-26 17:38 - Updated: 2025-11-21 17:26

Summary

Red Hat Security Advisory: : Updated Gaim packages fix various vulnerabiliies

Notes

Topic

Updated Gaim packages that fix a number of serious vulnerabilities are now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Critical"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Gaim packages that fix a number of serious vulnerabilities are now\navailable.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Gaim is an instant messenger client that can handle multiple protocols.\n\nStefan Esser audited the Gaim source code and found a number of bugs that\nhave security implications.  Due to the nature of instant messaging many of\nthese bugs require man-in-the-middle attacks between client and server.\nHowever at least one of the buffer overflows could be exploited by an\nattacker sending a carefully-constructed malicious message through a server.\n\nThe issues include:\n\nMultiple buffer overflows that affect versions of Gaim 0.75 and earlier. \n1) When parsing cookies in a Yahoo web connection, 2) YMSG protocol\noverflows parsing the Yahoo login webpage, 3) a YMSG packet overflow, 4)\nflaws in the URL parser, and 5) flaws in HTTP Proxy connect.  The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2004-0006 to these issues.\n\nA buffer overflow in Gaim 0.74 and earlier in the Extract Info\nField Function used for MSN and YMSG protocol handlers. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0007 to this issue.\n\nAn integer overflow in Gaim 0.74 and earlier, when allocating\nmemory for a directIM packet results in heap overflow.\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CAN-2004-0008 to this issue.\n\nAll users of Gaim should upgrade to these erratum packages, which contain\nbackported security patches correcting these issues.  \n\nRed Hat would like to thank Steffan Esser for finding and reporting these\nissues and Jacques A. Vidrine for providing initial patches.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2004:032",
        "url": "https://access.redhat.com/errata/RHSA-2004:032"
      },
      {
        "category": "external",
        "summary": "113845",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=113845"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2004/rhsa-2004_032.json"
      }
    ],
    "title": "Red Hat Security Advisory: : Updated Gaim packages fix various vulnerabiliies",
    "tracking": {
      "current_release_date": "2025-11-21T17:26:55+00:00",
      "generator": {
        "date": "2025-11-21T17:26:55+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2004:032",
      "initial_release_date": "2004-01-26T17:38:00+00:00",
      "revision_history": [
        {
          "date": "2004-01-26T17:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2004-01-19T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:26:55+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Linux 9",
                "product": {
                  "name": "Red Hat Linux 9",
                  "product_id": "Red Hat Linux 9",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:linux:9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0006",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617131"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617131",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617131"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0006",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0006"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-26T17:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:032"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0007",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617132"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617132",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617132"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0007"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-26T17:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:032"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "security flaw"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "Steffan Esser",
            "Jacques A. Vidrine"
          ]
        }
      ],
      "cve": "CVE-2004-0008",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617133"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Linux 9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617133",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617133"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0008",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0008"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0008"
        }
      ],
      "release_date": "2004-01-26T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2004-01-26T17:38:00+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nTo update all RPMs for your particular architecture, run:\n\nrpm -Fvh [filenames]\n\nwhere [filenames] is a list of the RPMs you wish to upgrade.  Only those\nRPMs which are currently installed will be updated.  Those RPMs which are\nnot installed but included in the list will not be updated.  Note that you\ncan also use wildcards (*.rpm) if your current directory *only* contains the\ndesired RPMs.\n\nPlease note that this update is also available via Red Hat Network.  Many\npeople find this an easier way to apply updates.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.\n\nIf up2date fails to connect to Red Hat Network due to SSL Certificate \nErrors, you need to install a version of the up2date client with an updated \ncertificate.  The latest version of up2date is available from the Red Hat \nFTP site and may also be downloaded directly from the RHN website:\n\nhttps://rhn.redhat.com/help/latest-up2date.pxt",
          "product_ids": [
            "Red Hat Linux 9"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2004:032"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Critical"
        }
      ],
      "title": "security flaw"
    }
  ]
}

GHSA-Q864-5RMM-C437

Vulnerability from github – Published: 2022-05-03 03:12 – Updated: 2022-05-03 03:12

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-0006"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2004-03-03T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
  "id": "GHSA-q864-5rmm-c437",
  "modified": "2022-05-03T03:12:52Z",
  "published": "2022-05-03T03:12:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0006"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
    },
    {
      "type": "WEB",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
    },
    {
      "type": "WEB",
      "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
    },
    {
      "type": "WEB",
      "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
    },
    {
      "type": "WEB",
      "url": "http://security.e-matters.de/advisories/012004.html"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
    },
    {
      "type": "WEB",
      "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2004/dsa-434"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/297198"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/371382"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/444158"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/503030"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/527142"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/871838"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/3731"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/3732"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/9489"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1008850"
    },
    {
      "type": "WEB",
      "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2004-0006

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2004-0006

Aliases

CVE-2004-0006

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-0006",
    "description": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
    "id": "GSD-2004-0006",
    "references": [
      "https://www.suse.com/security/cve/CVE-2004-0006.html",
      "https://www.debian.org/security/2004/dsa-434",
      "https://access.redhat.com/errata/RHSA-2004:045",
      "https://access.redhat.com/errata/RHSA-2004:033",
      "https://access.redhat.com/errata/RHSA-2004:032"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-0006"
      ],
      "details": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.",
      "id": "GSD-2004-0006",
      "modified": "2023-12-13T01:22:54.141150Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-0006",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20040202-01-U",
            "refsource": "SGI",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
          },
          {
            "name": "9489",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/9489"
          },
          {
            "name": "DSA-434",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2004/dsa-434"
          },
          {
            "name": "20040201-01-U",
            "refsource": "SGI",
            "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
          },
          {
            "name": "RHSA-2004:032",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
          },
          {
            "name": "SuSE-SA:2004:004",
            "refsource": "SUSE",
            "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
          },
          {
            "name": "3732",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/3732"
          },
          {
            "name": "SSA:2004-026",
            "refsource": "SLACKWARE",
            "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
          },
          {
            "name": "oval:org.mitre.oval:def:818",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
          },
          {
            "name": "VU#871838",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/871838"
          },
          {
            "name": "VU#444158",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/444158"
          },
          {
            "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
          },
          {
            "name": "VU#297198",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/297198"
          },
          {
            "name": "gaim-login-value-bo(14941)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
          },
          {
            "name": "oval:org.mitre.oval:def:10222",
            "refsource": "OVAL",
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
          },
          {
            "name": "http://ultramagnetic.sourceforge.net/advisories/001.html",
            "refsource": "CONFIRM",
            "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
          },
          {
            "name": "GLSA-200401-04",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
          },
          {
            "name": "1008850",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1008850"
          },
          {
            "name": "20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code",
            "refsource": "BUGTRAQ",
            "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
          },
          {
            "name": "http://security.e-matters.de/advisories/012004.html",
            "refsource": "MISC",
            "url": "http://security.e-matters.de/advisories/012004.html"
          },
          {
            "name": "RHSA-2004:033",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
          },
          {
            "name": "MDKSA-2004:006",
            "refsource": "MANDRAKE",
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
          },
          {
            "name": "gaim-yahoowebpending-cookie-bo(14939)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
          },
          {
            "name": "gaim-http-proxy-bo(14947)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
          },
          {
            "name": "gaim-login-name-bo(14940)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
          },
          {
            "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
            "refsource": "FULLDISC",
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
          },
          {
            "name": "VU#527142",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/527142"
          },
          {
            "name": "gaim-urlparser-bo(14945)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
          },
          {
            "name": "VU#371382",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/371382"
          },
          {
            "name": "gaim-yahoopacketread-keyname-bo(14943)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
          },
          {
            "name": "CLA-2004:813",
            "refsource": "CONECTIVA",
            "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
          },
          {
            "name": "3731",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/3731"
          },
          {
            "name": "VU#503030",
            "refsource": "CERT-VN",
            "url": "http://www.kb.cert.org/vuls/id/503030"
          },
          {
            "name": "RHSA-2004:045",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.81",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:rob_flynn:gaim:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.75",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0006"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-200401-04",
              "refsource": "GENTOO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200401-04.xml"
            },
            {
              "name": "http://security.e-matters.de/advisories/012004.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://security.e-matters.de/advisories/012004.html"
            },
            {
              "name": "http://ultramagnetic.sourceforge.net/advisories/001.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://ultramagnetic.sourceforge.net/advisories/001.html"
            },
            {
              "name": "RHSA-2004:032",
              "refsource": "REDHAT",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-032.html"
            },
            {
              "name": "RHSA-2004:033",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-033.html"
            },
            {
              "name": "RHSA-2004:045",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2004-045.html"
            },
            {
              "name": "SuSE-SA:2004:004",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://www.novell.com/linux/security/advisories/2004_04_gaim.html"
            },
            {
              "name": "DSA-434",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2004/dsa-434"
            },
            {
              "name": "20040201-01-U",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc"
            },
            {
              "name": "VU#297198",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/297198"
            },
            {
              "name": "VU#371382",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/371382"
            },
            {
              "name": "VU#444158",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/444158"
            },
            {
              "name": "VU#503030",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/503030"
            },
            {
              "name": "VU#527142",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/527142"
            },
            {
              "name": "VU#871838",
              "refsource": "CERT-VN",
              "tags": [
                "US Government Resource"
              ],
              "url": "http://www.kb.cert.org/vuls/id/871838"
            },
            {
              "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html"
            },
            {
              "name": "9489",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/9489"
            },
            {
              "name": "CLA-2004:813",
              "refsource": "CONECTIVA",
              "tags": [],
              "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000813"
            },
            {
              "name": "SSA:2004-026",
              "refsource": "SLACKWARE",
              "tags": [],
              "url": "http://www.slackware.com/security/viewer.php?l=slackware-security\u0026y=2004\u0026m=slackware-security.361158"
            },
            {
              "name": "MDKSA-2004:006",
              "refsource": "MANDRAKE",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2004:006"
            },
            {
              "name": "20040202-01-U",
              "refsource": "SGI",
              "tags": [],
              "url": "ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc"
            },
            {
              "name": "3731",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/3731"
            },
            {
              "name": "3732",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/3732"
            },
            {
              "name": "1008850",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1008850"
            },
            {
              "name": "20040127 Ultramagnetic Advisory #001:  Multiple vulnerabilities in Gaim code",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=107522432613022\u0026w=2"
            },
            {
              "name": "20040126 Advisory 01/2004: 12 x Gaim remote overflows",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://marc.info/?l=bugtraq\u0026m=107513690306318\u0026w=2"
            },
            {
              "name": "gaim-http-proxy-bo(14947)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14947"
            },
            {
              "name": "gaim-urlparser-bo(14945)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14945"
            },
            {
              "name": "gaim-yahoopacketread-keyname-bo(14943)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14943"
            },
            {
              "name": "gaim-login-value-bo(14941)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14941"
            },
            {
              "name": "gaim-login-name-bo(14940)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14940"
            },
            {
              "name": "gaim-yahoowebpending-cookie-bo(14939)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14939"
            },
            {
              "name": "oval:org.mitre.oval:def:818",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818"
            },
            {
              "name": "oval:org.mitre.oval:def:10222",
              "refsource": "OVAL",
              "tags": [],
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-10-11T01:29Z",
      "publishedDate": "2004-03-03T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2004-0006 (GCVE-0-2004-0006)

Tags

Sightings

Nomenclature