Bug 91862 - net-im/gaim buffer overflow (CAN-2005-126{1|2})
Summary: net-im/gaim buffer overflow (CAN-2005-126{1|2})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All All
Importance: High major
Assignee: Gentoo Security
URL:
Whiteboard: A1 [glsa] jaervosz
Keywords:
Depends on:
Blocks:
 
Reported: 2005-05-08 00:51 UTC by Sune Kloppenborg Jeppesen (RETIRED)
Modified: 2005-08-15 21:56 UTC

See Also:
Package list:
Runtime testing required: ---


Attachments
gaim-long_url.patch (gaim-long_url.patch,3.83 KB, patch)
2005-05-08 00:52 UTC, Sune Kloppenborg Jeppesen (RETIRED)

Description Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-08 00:51:50 UTC
Reported on Vendor-Sec:

There is a buffer overflow in gaim where an attacker can send a very long URL in a message (>8192 bytes).  It's a stack based overflow, looks pretty ugly.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-08 00:52:45 UTC
Created attachment 58320
gaim-long_url.patch
Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-08 00:54:35 UTC
Don, please attach an updated ebuild to this bug, do NOT commit anything to CVS.
Comment 3 Don Seiler (RETIRED) gentoo-dev 2005-05-09 06:48:33 UTC
Note that another CVE is coming from an MSN remote DoS bug.  That fix is at http://cvs.sourceforge.net/viewcvs.py/gaim/gaim/src/protocols/msn/slp.c?r1=1.12.2.12&r2=1.12.2.13&diff_format=u

Gaim postponed a previously scheduled release to include that first CVE fix and I believe this MSN one as well.  Release is scheduled for tomorrow evening.
Comment 4 Don Seiler (RETIRED) gentoo-dev 2005-05-10 08:02:07 UTC
Confirmed that new gaim release will be tonight.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-10 08:49:47 UTC
Thx Rizzo. Once it is public and we have an ebuild just open up this bug and call arches, might be while I sleep.
Comment 6 Don Seiler (RETIRED) gentoo-dev 2005-05-10 20:55:43 UTC
gaim-1.3.0 is released and in portage.  Stable x86.  Other arches please test and stabilize ASAP.

jaervosz: It seems only security team members can make a bug public.  It won't let me uncheck the box.
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-10 21:46:54 UTC
Sorry about that, opening. Arches please test and mark stable.
Comment 8 Jan Brinkmann (RETIRED) gentoo-dev 2005-05-11 04:04:38 UTC
stable on amd64
Comment 9 Stefan Cornelius (RETIRED) gentoo-dev 2005-05-11 04:21:37 UTC
Gaim fixes another security issue (MSN Remote DoS, CAN-2005-1262) in 1.3.0:
http://gaim.sourceforge.net/security/index.php?id=17
Comment 10 Gustavo Zacarias (RETIRED) gentoo-dev 2005-05-11 05:46:00 UTC
we came, we tested, we sparc'ed.
Comment 11 Lars Weiler (RETIRED) gentoo-dev 2005-05-11 06:01:00 UTC
stable on ppc, of course
Comment 12 Don Seiler (RETIRED) gentoo-dev 2005-05-11 06:16:59 UTC
Yes the MSN exploit is also fixed in gaim-1.3.0.
Comment 13 Markus Rothe (RETIRED) gentoo-dev 2005-05-11 09:05:37 UTC
stable on ppc64
Comment 14 Bryan Østergaard (RETIRED) gentoo-dev 2005-05-11 16:18:22 UTC
Stable on alpha + ia64.
Comment 15 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2005-05-11 21:48:01 UTC
GLSA 200505-09

arm, hppa, mips please remember to mark stable to benefit from GLSA.
Comment 16 René Nussbaumer (RETIRED) gentoo-dev 2005-06-26 07:43:46 UTC
Already stable on hppa