Vulnerability Name:

CVE-2004-0006 (CCN-14939)

Assigned:2004-01-26
Published:2004-01-26
Updated:2017-10-11
Summary:Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: SGI
Type: UNKNOWN
20040201-01-U

Source: SGI
Type: UNKNOWN
20040202-01-U

Source: CCN
Type: Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST
Advisory 01/2004: 12 x Gaim remote overflows

Source: FULLDISC
Type: UNKNOWN
20040126 Advisory 01/2004: 12 x Gaim remote overflows

Source: MITRE
Type: CNA
CVE-2004-0006

Source: CONECTIVA
Type: UNKNOWN
CLA-2004:813

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2004:813
gaim

Source: CCN
Type: Sourceforge Gaim Web site
Downloads

Source: BUGTRAQ
Type: UNKNOWN
20040126 Advisory 01/2004: 12 x Gaim remote overflows

Source: BUGTRAQ
Type: UNKNOWN
20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code

Source: CCN
Type: RHSA-2004-032
Updated Gaim packages fix various vulnerabilities

Source: CCN
Type: RHSA-2004-033
gaim security update

Source: CCN
Type: RHSA-2004-045
gaim security update

Source: MISC
Type: Patch, Vendor Advisory
http://security.e-matters.de/advisories/012004.html

Source: GENTOO
Type: Vendor Advisory
GLSA-200401-04

Source: CCN
Type: SECTRACK ID: 1008850
Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code

Source: CONFIRM
Type: Patch, Vendor Advisory
http://ultramagnetic.sourceforge.net/advisories/001.html

Source: DEBIAN
Type: UNKNOWN
DSA-434

Source: DEBIAN
Type: DSA-434
gaim -- several vulnerabilities

Source: CCN
Type: US-CERT VU#297198
Gaim fails to properly validate the value parameter in the Yahoo login webpage

Source: CERT-VN
Type: US Government Resource
VU#297198

Source: CCN
Type: US-CERT VU#371382
Gaim fails to properly validate the name parameter in the Yahoo login webpage

Source: CERT-VN
Type: US Government Resource
VU#371382

Source: CCN
Type: US-CERT VU#444158
Gaim contains a buffer overflow vulnerability in the http_canread() function

Source: CERT-VN
Type: US Government Resource
VU#444158

Source: CCN
Type: US-CERT VU#503030
Gaim fails to properly parse cookies in Yahoo web connections

Source: CERT-VN
Type: US Government Resource
VU#503030

Source: CCN
Type: US-CERT VU#527142
Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function

Source: CERT-VN
Type: US Government Resource
VU#527142

Source: CCN
Type: US-CERT VU#871838
Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function

Source: CERT-VN
Type: US Government Resource
VU#871838

Source: CCN
Type: Gentoo Linux Security Announcement 200401-04
GAIM 0.75 Remote overflows

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2004:006

Source: SUSE
Type: UNKNOWN
SuSE-SA:2004:004

Source: OSVDB
Type: UNKNOWN
3731

Source: OSVDB
Type: UNKNOWN
3732

Source: CCN
Type: OSVDB ID: 3731
Gaim URL Parser Function Overflow

Source: CCN
Type: OSVDB ID: 3732
Gaim HTTP Proxy Connect Overflow

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2004:032

Source: REDHAT
Type: UNKNOWN
RHSA-2004:033

Source: REDHAT
Type: UNKNOWN
RHSA-2004:045

Source: BID
Type: UNKNOWN
9489

Source: CCN
Type: BID-9489
Gaim Multiple Remote Boundary Condition Error Vulnerabilities

Source: SECTRACK
Type: UNKNOWN
1008850

Source: SLACKWARE
Type: UNKNOWN
SSA:2004-026

Source: CCN
Type: slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST)
GAIM security update (SSA:2004-026-01)

Source: XF
Type: UNKNOWN
gaim-yahoowebpending-cookie-bo(14939)

Source: XF
Type: UNKNOWN
gaim-login-name-bo(14940)

Source: XF
Type: UNKNOWN
gaim-login-value-bo(14941)

Source: XF
Type: UNKNOWN
gaim-yahoopacketread-keyname-bo(14943)

Source: XF
Type: UNKNOWN
gaim-urlparser-bo(14945)

Source: XF
Type: UNKNOWN
gaim-http-proxy-bo(14947)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10222

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:818

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rob_flynn:gaim:*:*:*:*:*:*:*:* (Version <= 0.75)
  • OR cpe:/a:ultramagnetic:ultramagnetic:*:*:*:*:*:*:*:* (Version <= 0.81)

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0006 (CCN-14940)

    Assigned:2004-01-26
    Published:2004-01-26
    Updated:2004-01-26
    Summary:Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST
    Advisory 01/2004: 12 x Gaim remote overflows

    Source: MITRE
    Type: CNA
    CVE-2004-0006

    Source: CCN
    Type: Conectiva Linux Security Announcement CLSA-2004:813
    gaim

    Source: CCN
    Type: Sourceforge Gaim Web site
    Downloads

    Source: CCN
    Type: RHSA-2004-032
    Updated Gaim packages fix various vulnerabilities

    Source: CCN
    Type: RHSA-2004-033
    gaim security update

    Source: CCN
    Type: RHSA-2004-045
    gaim security update

    Source: CCN
    Type: SECTRACK ID: 1008850
    Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code

    Source: DEBIAN
    Type: DSA-434
    gaim -- several vulnerabilities

    Source: CCN
    Type: US-CERT VU#297198
    Gaim fails to properly validate the value parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#371382
    Gaim fails to properly validate the name parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#444158
    Gaim contains a buffer overflow vulnerability in the http_canread() function

    Source: CCN
    Type: US-CERT VU#503030
    Gaim fails to properly parse cookies in Yahoo web connections

    Source: CCN
    Type: US-CERT VU#527142
    Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function

    Source: CCN
    Type: US-CERT VU#871838
    Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function

    Source: CCN
    Type: Gentoo Linux Security Announcement 200401-04
    GAIM 0.75 Remote overflows

    Source: CCN
    Type: OSVDB ID: 3731
    Gaim URL Parser Function Overflow

    Source: CCN
    Type: OSVDB ID: 3732
    Gaim HTTP Proxy Connect Overflow

    Source: CCN
    Type: BID-9489
    Gaim Multiple Remote Boundary Condition Error Vulnerabilities

    Source: CCN
    Type: slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST)
    GAIM security update (SSA:2004-026-01)

    Source: XF
    Type: UNKNOWN
    gaim-login-name-bo(14940)

    Source: SUSE
    Type: SUSE-SA:2004:004
    gaim: remote system compromise

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0006 (CCN-14941)

    Assigned:2004-01-26
    Published:2004-01-26
    Updated:2004-01-26
    Summary:Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST
    Advisory 01/2004: 12 x Gaim remote overflows

    Source: MITRE
    Type: CNA
    CVE-2004-0006

    Source: CCN
    Type: Conectiva Linux Security Announcement CLSA-2004:813
    gaim

    Source: CCN
    Type: Sourceforge Gaim Web site
    Downloads

    Source: CCN
    Type: RHSA-2004-032
    Updated Gaim packages fix various vulnerabilities

    Source: CCN
    Type: RHSA-2004-033
    gaim security update

    Source: CCN
    Type: RHSA-2004-045
    gaim security update

    Source: CCN
    Type: SECTRACK ID: 1008850
    Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code

    Source: DEBIAN
    Type: DSA-434
    gaim -- several vulnerabilities

    Source: CCN
    Type: US-CERT VU#297198
    Gaim fails to properly validate the value parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#371382
    Gaim fails to properly validate the name parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#444158
    Gaim contains a buffer overflow vulnerability in the http_canread() function

    Source: CCN
    Type: US-CERT VU#503030
    Gaim fails to properly parse cookies in Yahoo web connections

    Source: CCN
    Type: US-CERT VU#527142
    Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function

    Source: CCN
    Type: US-CERT VU#871838
    Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function

    Source: CCN
    Type: Gentoo Linux Security Announcement 200401-04
    GAIM 0.75 Remote overflows

    Source: CCN
    Type: OSVDB ID: 3731
    Gaim URL Parser Function Overflow

    Source: CCN
    Type: OSVDB ID: 3732
    Gaim HTTP Proxy Connect Overflow

    Source: CCN
    Type: BID-9489
    Gaim Multiple Remote Boundary Condition Error Vulnerabilities

    Source: CCN
    Type: slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST)
    GAIM security update (SSA:2004-026-01)

    Source: XF
    Type: UNKNOWN
    gaim-login-value-bo(14941)

    Source: SUSE
    Type: SUSE-SA:2004:004
    gaim: remote system compromise

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0006 (CCN-14943)

    Assigned:2004-01-26
    Published:2004-01-26
    Updated:2004-01-26
    Summary:Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST
    Advisory 01/2004: 12 x Gaim remote overflows

    Source: MITRE
    Type: CNA
    CVE-2004-0006

    Source: CCN
    Type: Conectiva Linux Security Announcement CLSA-2004:813
    gaim

    Source: CCN
    Type: Sourceforge Gaim Web site
    Downloads

    Source: CCN
    Type: RHSA-2004-032
    Updated Gaim packages fix various vulnerabilities

    Source: CCN
    Type: RHSA-2004-033
    gaim security update

    Source: CCN
    Type: RHSA-2004-045
    gaim security update

    Source: CCN
    Type: SECTRACK ID: 1008850
    Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code

    Source: DEBIAN
    Type: DSA-434
    gaim -- several vulnerabilities

    Source: CCN
    Type: US-CERT VU#297198
    Gaim fails to properly validate the value parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#371382
    Gaim fails to properly validate the name parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#444158
    Gaim contains a buffer overflow vulnerability in the http_canread() function

    Source: CCN
    Type: US-CERT VU#503030
    Gaim fails to properly parse cookies in Yahoo web connections

    Source: CCN
    Type: US-CERT VU#527142
    Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function

    Source: CCN
    Type: US-CERT VU#871838
    Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function

    Source: CCN
    Type: Gentoo Linux Security Announcement 200401-04
    GAIM 0.75 Remote overflows

    Source: CCN
    Type: OSVDB ID: 3731
    Gaim URL Parser Function Overflow

    Source: CCN
    Type: OSVDB ID: 3732
    Gaim HTTP Proxy Connect Overflow

    Source: CCN
    Type: BID-9489
    Gaim Multiple Remote Boundary Condition Error Vulnerabilities

    Source: CCN
    Type: slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST)
    GAIM security update (SSA:2004-026-01)

    Source: XF
    Type: UNKNOWN
    gaim-yahoopacketread-keyname-bo(14943)

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0006 (CCN-14945)

    Assigned:2004-01-26
    Published:2004-01-26
    Updated:2004-01-26
    Summary:Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST
    Advisory 01/2004: 12 x Gaim remote overflows

    Source: MITRE
    Type: CNA
    CVE-2004-0006

    Source: CCN
    Type: Conectiva Linux Security Announcement CLSA-2004:813
    gaim

    Source: CCN
    Type: Sourceforge Gaim Web site
    Downloads

    Source: CCN
    Type: RHSA-2004-032
    Updated Gaim packages fix various vulnerabilities

    Source: CCN
    Type: RHSA-2004-033
    gaim security update

    Source: CCN
    Type: RHSA-2004-045
    gaim security update

    Source: CCN
    Type: SECTRACK ID: 1008850
    Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code

    Source: DEBIAN
    Type: DSA-434
    gaim -- several vulnerabilities

    Source: CCN
    Type: US-CERT VU#297198
    Gaim fails to properly validate the value parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#371382
    Gaim fails to properly validate the name parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#444158
    Gaim contains a buffer overflow vulnerability in the http_canread() function

    Source: CCN
    Type: US-CERT VU#503030
    Gaim fails to properly parse cookies in Yahoo web connections

    Source: CCN
    Type: US-CERT VU#527142
    Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function

    Source: CCN
    Type: US-CERT VU#871838
    Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function

    Source: CCN
    Type: Gentoo Linux Security Announcement 200401-04
    GAIM 0.75 Remote overflows

    Source: CCN
    Type: OSVDB ID: 3731
    Gaim URL Parser Function Overflow

    Source: CCN
    Type: OSVDB ID: 3732
    Gaim HTTP Proxy Connect Overflow

    Source: CCN
    Type: BID-9489
    Gaim Multiple Remote Boundary Condition Error Vulnerabilities

    Source: CCN
    Type: slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST)
    GAIM security update (SSA:2004-026-01)

    Source: XF
    Type: UNKNOWN
    gaim-urlparser-bo(14945)

    Source: SUSE
    Type: SUSE-SA:2004:004
    gaim: remote system compromise

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0006 (CCN-14947)

    Assigned:2004-01-26
    Published:2004-01-26
    Updated:2017-10-11
    Summary:Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
    CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
    CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: CCN
    Type: Full-Disclosure Mailing List, Mon Jan 26 2004 - 02:44:42 CST
    Advisory 01/2004: 12 x Gaim remote overflows

    Source: MITRE
    Type: CNA
    CVE-2004-0006

    Source: CCN
    Type: Conectiva Linux Security Announcement CLSA-2004:813
    gaim

    Source: CCN
    Type: RHSA-2004-032
    Updated Gaim packages fix various vulnerabilities

    Source: CCN
    Type: RHSA-2004-033
    gaim security update

    Source: CCN
    Type: RHSA-2004-045
    gaim security update

    Source: CCN
    Type: SECTRACK ID: 1008850
    Gaim Contains Multiple Overflows That Let a Remote User Execute Arbitrary Code

    Source: DEBIAN
    Type: DSA-434
    gaim -- several vulnerabilities

    Source: CCN
    Type: US-CERT VU#297198
    Gaim fails to properly validate the value parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#371382
    Gaim fails to properly validate the name parameter in the Yahoo login webpage

    Source: CCN
    Type: US-CERT VU#444158
    Gaim contains a buffer overflow vulnerability in the http_canread() function

    Source: CCN
    Type: US-CERT VU#503030
    Gaim fails to properly parse cookies in Yahoo web connections

    Source: CCN
    Type: US-CERT VU#527142
    Gaim contains a buffer overflow vulnerability in the yahoo_packet_read() function

    Source: CCN
    Type: US-CERT VU#871838
    Gaim contains a buffer overflow vulnerability in the gaim_url_parse() function

    Source: CCN
    Type: Gentoo Linux Security Announcement 200401-04
    GAIM 0.75 Remote overflows

    Source: CCN
    Type: OSVDB ID: 3731
    Gaim URL Parser Function Overflow

    Source: CCN
    Type: OSVDB ID: 3732
    Gaim HTTP Proxy Connect Overflow

    Source: CCN
    Type: BID-9489
    Gaim Multiple Remote Boundary Condition Error Vulnerabilities

    Source: CCN
    Type: slackware-security Mailing List, Mon, 26 Jan 2004 16:14:45 -0800 (PST)
    GAIM security update (SSA:2004-026-01)

    Source: XF
    Type: UNKNOWN
    gaim-http-proxy-bo(14947)

    Source: SUSE
    Type: SUSE-SA:2004:004
    gaim: remote system compromise

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20040006 | V | CVE-2004-0006 | 2015-11-16
    oval:org.mitre.oval:def:10222 | V | Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect. | 2013-04-29
    oval:org.mitre.oval:def:818 | V | Gaim / Ultramagnetic BO Vulnerabilities | 2007-04-25
    oval:org.debian:def:434 | V | several vulnerabilities | 2004-02-05
    oval:com.redhat.rhsa:def:20040033 | P | RHSA-2004:033: gaim security update (Critical) | 2004-01-23
    rob_flynn gaim *
    ultramagnetic ultramagnetic *