Vulnerability Name: | CVE-2004-0891 (CCN-17786) | ||||||||||||||||
Assigned: | 2004-10-19 | ||||||||||||||||
Published: | 2004-10-19 | ||||||||||||||||
Updated: | 2017-10-11 | ||||||||||||||||
Summary: | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. | ||||||||||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2004-0891 Source: CCN Type: Gaim Web page News - gaim Source: CCN Type: Gaim Download Web page Downloads - gaim Source: CONFIRM Type: Vendor Advisory http://gaim.sourceforge.net/security/?id=9 Source: CCN Type: Gaim Security Vulnerability 19 October 2004 MSN SLP buffer overflow Source: CCN Type: RHSA-2004-604 gaim security update Source: CCN Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700 [slackware-security] gaim (SSA:2004-296-01) Source: CCN Type: GLSA-200410-23 Gaim: Multiple vulnerabilities Source: GENTOO Type: UNKNOWN GLSA-200410-23 Source: CCN Type: Fedora Update Notification FEDORA-2004-354 gaim-1.0.2-0.FC2 update Source: REDHAT Type: Vendor Advisory RHSA-2004:604 Source: CCN Type: BID-11482 Gaim MSN SLP Remote Buffer Overflow Vulnerability Source: CCN Type: USN-8-1 gaim vulnerabilities Source: FEDORA Type: UNKNOWN FLSA:2188 Source: XF Type: UNKNOWN gaim-msn-slp-bo(17786) Source: XF Type: UNKNOWN gaim-msn-slp-bo(17786) Source: XF Type: UNKNOWN gaim-msn-slp-dos(17787) Source: XF Type: UNKNOWN gaim-file-transfer-dos(17790) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:11790 Source: SUSE Type: SUSE-SA:2004:040 samba: remote denial of service Source: UBUNTU Type: UNKNOWN USN-8-1 | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||
Vulnerability Name: | CVE-2004-0891 (CCN-17787) | ||||||||||||||||
Assigned: | 2004-10-19 | ||||||||||||||||
Published: | 2004-10-19 | ||||||||||||||||
Updated: | 2017-10-11 | ||||||||||||||||
Summary: | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. | ||||||||||||||||
CVSS v3 Severity: | 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
| ||||||||||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||
Vulnerability Consequences: | Gain Access | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2004-0891 Source: CCN Type: Gaim Web page News - gaim Source: CCN Type: Gaim Download Web page Downloads - gaim Source: CCN Type: Gaim Security Vulnerability 19 October 2004 MSN SLP DOS (malloc error) Source: CCN Type: RHSA-2004-604 gaim security update Source: CCN Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700 [slackware-security] gaim (SSA:2004-296-01) Source: CCN Type: GLSA-200410-23 Gaim: Multiple vulnerabilities Source: CCN Type: Fedora Update Notification FEDORA-2004-354 gaim-1.0.2-0.FC2 update Source: CCN Type: Pidgin Security Advisory, 19 October 2004 MSN SLP DOS (malloc error) Source: CCN Type: BID-11482 Gaim MSN SLP Remote Buffer Overflow Vulnerability Source: CCN Type: BID-11484 Gaim MSN Remote SLP Denial Of Service Vulnerability Source: CCN Type: USN-8-1 gaim vulnerabilities Source: XF Type: UNKNOWN gaim-msn-slp-dos(17787) Source: SUSE Type: SUSE-SA:2004:040 samba: remote denial of service | ||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||
Vulnerability Name: | CVE-2004-0891 (CCN-17790) | ||||||||||||||||
Assigned: | 2004-10-19 | ||||||||||||||||
Published: | 2004-10-19 | ||||||||||||||||
Updated: | 2004-10-19 | ||||||||||||||||
Summary: | Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. | ||||||||||||||||
CVSS v3 Severity: | 6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
| ||||||||||||||||
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
| ||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2004-0891 Source: CCN Type: Gaim Web page News - gaim Source: CCN Type: Gaim Download Web page Downloads - gaim Source: CCN Type: Gaim Security Vulnerability 19 October 2004 MSN File transfer DOS (malloc error) Source: CCN Type: RHSA-2004-604 gaim security update Source: CCN Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700 [slackware-security] gaim (SSA:2004-296-01) Source: CCN Type: GLSA-200410-23 Gaim: Multiple vulnerabilities Source: CCN Type: Fedora Update Notification FEDORA-2004-354 gaim-1.0.2-0.FC2 update Source: CCN Type: BID-11482 Gaim MSN SLP Remote Buffer Overflow Vulnerability Source: CCN Type: BID-11483 Gaim MSN Remote File Transfer Denial Of Service Vulnerability Source: CCN Type: USN-8-1 gaim vulnerabilities Source: XF Type: UNKNOWN gaim-file-transfer-dos(17790) Source: SUSE Type: SUSE-SA:2004:040 samba: remote denial of service | ||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1: Denotes that component is vulnerable | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |