
Gaim Remote URI Handling Buffer Overflow Vulnerability

Gaim is susceptible to a remote buffer-overflow vulnerability when handling long URIs. This issue is due to the application's failure to properly bounds-check user-supplied input data before copying it to a fixed-size stack buffer.

Gaim supports multiple IM protocols, and the IM networks impose different message-length limits, so only some of the networks are reported vulnerable. Currently, the Jabber and SILC IM network protocols are known to be vulnerable. Other protocols may also be affected.

This vulnerability allows remote attackers to execute arbitrary machine code in the context of the affected application.

Gaim versions prior to 1.3.0 are vulnerable to this issue.
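
The kind of bounds check the advisory describes as missing, shown as an added C example that is not Gaim's code and not part of the original advisory. The buffer size, function names and URI delimiters are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

#define URI_BUF_SIZE 256  /* assumed size for illustration, not taken from Gaim */

/* Unbounded pattern of the kind the advisory describes (do not use):
 *     char url[URI_BUF_SIZE];
 *     strcpy(url, uri_start);    // length is chosen by the remote sender
 */

/* Length of the URI token at s: runs until whitespace, '<', '"' or NUL. */
static size_t uri_token_len(const char *s)
{
    return strcspn(s, " \t\r\n<\"");
}

/*
 * Copy the first http:// or https:// URI in msg into out (capacity outlen).
 * Returns the URI length on success, 0 if no URI is present, and -1 if the
 * URI does not fit. out is left NUL-terminated whenever outlen > 0.
 */
long extract_uri(const char *msg, char *out, size_t outlen)
{
    const char *start, *s;
    size_t len;

    if (msg == NULL || out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';

    start = strstr(msg, "http://");
    s = strstr(msg, "https://");
    if (start == NULL || (s != NULL && s < start))
        start = s;                /* pick whichever scheme appears first */
    if (start == NULL)
        return 0;

    len = uri_token_len(start);
    if (len >= outlen)            /* no room for URI plus terminator: reject */
        return -1;

    memcpy(out, start, len);
    out[len] = '\0';
    return (long)len;
}

/* Caller handling one incoming message with a fixed-size stack buffer. */
int message_has_safe_uri(const char *msg)
{
    char url[URI_BUF_SIZE];
    return extract_uri(msg, url, sizeof url) > 0;
}
```

Rejecting an overlong URI, rather than silently truncating it, keeps the fixed-size buffer intact and avoids acting on a partial link.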







 

Copyright 2009, SecurityFocus