CVE-2004-0891

Sažetak

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

Reference

http://gaim.sourceforge.net/security/?id=9
http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
http://www.redhat.com/support/errata/RHSA-2004-604.html
https://bugzilla.fedora.us/show_bug.cgi?id=2188
https://exchange.xforce.ibmcloud.com/vulnerabilities/17786
https://exchange.xforce.ibmcloud.com/vulnerabilities/17787
https://exchange.xforce.ibmcloud.com/vulnerabilities/17790
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790
https://www.ubuntu.com/usn/usn-8-1/

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

11-10-2017 - 01:29

Objavljeno

27-01-2005 - 05:00