Vulnerability Name:

CVE-2004-0754 (CCN-17140)

Assigned:2004-08-26
Published:2004-08-26
Updated:2017-10-11
Summary:Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-0754

Source: CCN
Type: Gaim Download Web page
Downloads - gaim

Source: CONFIRM
Type: Vendor Advisory
http://gaim.sourceforge.net/security/?id=2

Source: CCN
Type: Gaim Security Issues Web page
Groupware message receive integer overflow

Source: CCN
Type: RHSA-2004-400
gaim security update

Source: SECUNIA
Type: UNKNOWN
12383

Source: SECUNIA
Type: UNKNOWN
12480

Source: SECUNIA
Type: UNKNOWN
13101

Source: CCN
Type: SECTRACK ID: 1011083
Gaim Buffer Overflows in Groupware Messages, URLs, Hostname Lookups, and RTF Messages May Permit Remote Code Execution

Source: SECTRACK
Type: UNKNOWN
1011083

Source: CCN
Type: Slackware Security Advisory SSA:2004-240-01
gaim updated again

Source: CCN
Type: Slackware Security Advisory SSA:2004-239-01
gaim

Source: FEDORA
Type: Patch, Vendor Advisory
FEDORA-2004-278

Source: FEDORA
Type: Patch, Vendor Advisory
FEDORA-2004-279

Source: CCN
Type: GLSA-200408-27
Gaim: New vulnerabilities

Source: GENTOO
Type: Vendor Advisory
GLSA-200408-27

Source: OSVDB
Type: UNKNOWN
9260

Source: CCN
Type: OSVDB ID: 9260
Gaim Groupware Message Receive Overflow

Source: REDHAT
Type: UNKNOWN
RHSA-2004:400

Source: BID
Type: UNKNOWN
11056

Source: CCN
Type: BID-11056
Gaim Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
gaim-groupware-integer-overflow(17140)

Source: XF
Type: UNKNOWN
gaim-groupware-integer-overflow(17140)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10220

Source: SUSE
Type: SUSE-SA:2004:032
apache2: remote denial-of-service

Source: SUSE
Type: SUSE-SA:2004:033
gtk2 gdk-pixbuf: remote code execution

Source: SUSE
Type: SUSE-SA:2004:034
XFree86-libs xshared: remote command execution

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rob_flynn:gaim:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.50:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.51:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.52:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.54:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.55:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.56:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.57:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.58:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.59:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.59.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.60:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.61:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.62:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.63:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.64:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.65:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.66:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.67:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.68:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.69:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.73:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.74:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.75:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040754
    V
    		CVE-2004-0754
    2015-11-16
    oval:org.mitre.oval:def:10220
    V
    		Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
    2013-04-29
    oval:com.redhat.rhsa:def:20040400
    P
    		RHSA-2004:400: gaim security update (Critical)
    2004-09-07
    BACK
    rob_flynn gaim 0.10
    rob_flynn gaim 0.10.3
    rob_flynn gaim 0.50
    rob_flynn gaim 0.51
    rob_flynn gaim 0.52
    rob_flynn gaim 0.53
    rob_flynn gaim 0.54
    rob_flynn gaim 0.55
    rob_flynn gaim 0.56
    rob_flynn gaim 0.57
    rob_flynn gaim 0.58
    rob_flynn gaim 0.59
    rob_flynn gaim 0.59.1
    rob_flynn gaim 0.60
    rob_flynn gaim 0.61
    rob_flynn gaim 0.62
    rob_flynn gaim 0.63
    rob_flynn gaim 0.64
    rob_flynn gaim 0.65
    rob_flynn gaim 0.66
    rob_flynn gaim 0.67
    rob_flynn gaim 0.68
    rob_flynn gaim 0.69
    rob_flynn gaim 0.70
    rob_flynn gaim 0.71
    rob_flynn gaim 0.72
    rob_flynn gaim 0.73
    rob_flynn gaim 0.74
    rob_flynn gaim 0.75