Vulnerability CVE-2004-0891

Vulnerability Name:

CVE-2004-0891 (CCN-17786)

Assigned:

2004-10-19

Published:

2004-10-19

Updated:

2017-10-11

Summary:

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2004-0891

Source: CCN
Type: Gaim Web page
News - gaim

Source: CCN
Type: Gaim Download Web page
Downloads - gaim

Source: CONFIRM
Type: Vendor Advisory
http://gaim.sourceforge.net/security/?id=9

Source: CCN
Type: Gaim Security Vulnerability 19 October 2004
MSN SLP buffer overflow

Source: CCN
Type: RHSA-2004-604
gaim security update

Source: CCN
Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700
[slackware-security] gaim (SSA:2004-296-01)

Source: CCN
Type: GLSA-200410-23
Gaim: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200410-23

Source: CCN
Type: Fedora Update Notification FEDORA-2004-354
gaim-1.0.2-0.FC2 update

Source: REDHAT
Type: Vendor Advisory
RHSA-2004:604

Source: CCN
Type: BID-11482
Gaim MSN SLP Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-8-1
gaim vulnerabilities

Source: FEDORA
Type: UNKNOWN
FLSA:2188

Source: XF
Type: UNKNOWN
gaim-msn-slp-bo(17786)

Source: XF
Type: UNKNOWN
gaim-msn-slp-bo(17786)

Source: XF
Type: UNKNOWN
gaim-msn-slp-dos(17787)

Source: XF
Type: UNKNOWN
gaim-file-transfer-dos(17790)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11790

Source: SUSE
Type: SUSE-SA:2004:040
samba: remote denial of service

Source: UBUNTU
Type: UNKNOWN
USN-8-1

Vulnerable Configuration:

Configuration 1:

cpe:/a:rob_flynn:gaim:0.10:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.10.3:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.50:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.51:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.52:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.53:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.54:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.55:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.56:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.57:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.58:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.59:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.59.1:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.60:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.61:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.62:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.63:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.64:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.65:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.66:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.67:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.68:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.69:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.70:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.71:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.72:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.73:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.74:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.75:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.78:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.82:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:0.82.1:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:1.0:*:*:*:*:*:*:*

OR cpe:/a:rob_flynn:gaim:1.0.1:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*

OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2004-0891 (CCN-17787)

Assigned:

2004-10-19

Published:

2004-10-19

Updated:

2017-10-11

Summary:

CVSS v3 Severity:

10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Changed
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2004-0891

Source: CCN
Type: Gaim Web page
News - gaim

Source: CCN
Type: Gaim Download Web page
Downloads - gaim

Source: CCN
Type: Gaim Security Vulnerability 19 October 2004
MSN SLP DOS (malloc error)

Source: CCN
Type: RHSA-2004-604
gaim security update

Source: CCN
Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700
[slackware-security] gaim (SSA:2004-296-01)

Source: CCN
Type: GLSA-200410-23
Gaim: Multiple vulnerabilities

Source: CCN
Type: Fedora Update Notification FEDORA-2004-354
gaim-1.0.2-0.FC2 update

Source: CCN
Type: Pidgin Security Advisory, 19 October 2004
MSN SLP DOS (malloc error)

Source: CCN
Type: BID-11482
Gaim MSN SLP Remote Buffer Overflow Vulnerability

Source: CCN
Type: BID-11484
Gaim MSN Remote SLP Denial Of Service Vulnerability

Source: CCN
Type: USN-8-1
gaim vulnerabilities

Source: XF
Type: UNKNOWN
gaim-msn-slp-dos(17787)

Source: SUSE
Type: SUSE-SA:2004:040
samba: remote denial of service

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2004-0891 (CCN-17790)

Assigned:

2004-10-19

Published:

2004-10-19

Updated:

2004-10-19

Summary:

CVSS v3 Severity:

6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

Denial of Service

References:

Source: MITRE
Type: CNA
CVE-2004-0891

Source: CCN
Type: Gaim Web page
News - gaim

Source: CCN
Type: Gaim Download Web page
Downloads - gaim

Source: CCN
Type: Gaim Security Vulnerability 19 October 2004
MSN File transfer DOS (malloc error)

Source: CCN
Type: RHSA-2004-604
gaim security update

Source: CCN
Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700
[slackware-security] gaim (SSA:2004-296-01)

Source: CCN
Type: GLSA-200410-23
Gaim: Multiple vulnerabilities

Source: CCN
Type: Fedora Update Notification FEDORA-2004-354
gaim-1.0.2-0.FC2 update

Source: CCN
Type: BID-11482
Gaim MSN SLP Remote Buffer Overflow Vulnerability

Source: CCN
Type: BID-11483
Gaim MSN Remote File Transfer Denial Of Service Vulnerability

Source: CCN
Type: USN-8-1
gaim vulnerabilities

Source: XF
Type: UNKNOWN
gaim-file-transfer-dos(17790)

Source: SUSE
Type: SUSE-SA:2004:040
samba: remote denial of service

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20040891	V	CVE-2004-0891	2017-09-27
oval:org.mitre.oval:def:11790	V	Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.	2013-04-29
oval:com.redhat.rhsa:def:20040604	P	RHSA-2004:604: gaim security update (Important)	2004-10-20

BACK