Vulnerability Name:

CVE-2004-0891 (CCN-17786)

Assigned:2004-10-19
Published:2004-10-19
Updated:2017-10-11
Summary:Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2004-0891

Source: CCN
Type: Gaim Web page
News - gaim

Source: CCN
Type: Gaim Download Web page
Downloads - gaim

Source: CONFIRM
Type: Vendor Advisory
http://gaim.sourceforge.net/security/?id=9

Source: CCN
Type: Gaim Security Vulnerability 19 October 2004
MSN SLP buffer overflow

Source: CCN
Type: RHSA-2004-604
gaim security update

Source: CCN
Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700
[slackware-security] gaim (SSA:2004-296-01)

Source: CCN
Type: GLSA-200410-23
Gaim: Multiple vulnerabilities

Source: GENTOO
Type: UNKNOWN
GLSA-200410-23

Source: CCN
Type: Fedora Update Notification FEDORA-2004-354
gaim-1.0.2-0.FC2 update

Source: REDHAT
Type: Vendor Advisory
RHSA-2004:604

Source: CCN
Type: BID-11482
Gaim MSN SLP Remote Buffer Overflow Vulnerability

Source: CCN
Type: USN-8-1
gaim vulnerabilities

Source: FEDORA
Type: UNKNOWN
FLSA:2188

Source: XF
Type: UNKNOWN
gaim-msn-slp-bo(17786)

Source: XF
Type: UNKNOWN
gaim-msn-slp-bo(17786)

Source: XF
Type: UNKNOWN
gaim-msn-slp-dos(17787)

Source: XF
Type: UNKNOWN
gaim-file-transfer-dos(17790)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11790

Source: SUSE
Type: SUSE-SA:2004:040
samba: remote denial of service

Source: UBUNTU
Type: UNKNOWN
USN-8-1

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rob_flynn:gaim:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.50:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.51:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.52:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.54:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.55:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.56:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.57:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.58:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.59:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.59.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.60:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.61:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.62:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.63:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.64:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.65:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.66:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.67:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.68:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.69:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.73:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.74:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.75:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.78:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.82:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.82.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.0.1:*:*:*:*:*:*:*

  • Configuration 2:
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:1.4:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:9.1:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:10.0:*:*:*:*:*:*:*
  • OR cpe:/o:slackware:slackware_linux:current:*:*:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:ubuntu:ubuntu_linux:4.1:*:ppc:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0891 (CCN-17787)

    Assigned:2004-10-19
    Published:2004-10-19
    Updated:2017-10-11
    Summary:Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
    CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Changed
    Impact Metrics:Confidentiality (C): High
    Integrity (I): High
    Availibility (A): High
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    Vulnerability Type:CWE-Other
    Vulnerability Consequences:Gain Access
    References:Source: MITRE
    Type: CNA
    CVE-2004-0891

    Source: CCN
    Type: Gaim Web page
    News - gaim

    Source: CCN
    Type: Gaim Download Web page
    Downloads - gaim

    Source: CCN
    Type: Gaim Security Vulnerability 19 October 2004
    MSN SLP DOS (malloc error)

    Source: CCN
    Type: RHSA-2004-604
    gaim security update

    Source: CCN
    Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700
    [slackware-security] gaim (SSA:2004-296-01)

    Source: CCN
    Type: GLSA-200410-23
    Gaim: Multiple vulnerabilities

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-354
    gaim-1.0.2-0.FC2 update

    Source: CCN
    Type: Pidgin Security Advisory, 19 October 2004
    MSN SLP DOS (malloc error)

    Source: CCN
    Type: BID-11482
    Gaim MSN SLP Remote Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-11484
    Gaim MSN Remote SLP Denial Of Service Vulnerability

    Source: CCN
    Type: USN-8-1
    gaim vulnerabilities

    Source: XF
    Type: UNKNOWN
    gaim-msn-slp-dos(17787)

    Source: SUSE
    Type: SUSE-SA:2004:040
    samba: remote denial of service

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Vulnerability Name:

    CVE-2004-0891 (CCN-17790)

    Assigned:2004-10-19
    Published:2004-10-19
    Updated:2004-10-19
    Summary:Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
    CVSS v3 Severity:6.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)
    Exploitability Metrics:Attack Vector (AV): Network
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
    Scope:Scope (S): Unchanged
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Low
    Availibility (A): Low
    CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Authentication (Au): None
    Impact Metrics:Confidentiality (C): Complete
    Integrity (I): Complete
    Availibility (A): Complete
    6.4 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
    Exploitability Metrics:Access Vector (AV): Network
    Access Complexity (AC): Low
    Athentication (Au): None
    Impact Metrics:Confidentiality (C): None
    Integrity (I): Partial
    Availibility (A): Partial
    Vulnerability Consequences:Denial of Service
    References:Source: MITRE
    Type: CNA
    CVE-2004-0891

    Source: CCN
    Type: Gaim Web page
    News - gaim

    Source: CCN
    Type: Gaim Download Web page
    Downloads - gaim

    Source: CCN
    Type: Gaim Security Vulnerability 19 October 2004
    MSN File transfer DOS (malloc error)

    Source: CCN
    Type: RHSA-2004-604
    gaim security update

    Source: CCN
    Type: slackware-security Mailing List, Fri, 22 Oct 2004 17:07:39 -0700
    [slackware-security] gaim (SSA:2004-296-01)

    Source: CCN
    Type: GLSA-200410-23
    Gaim: Multiple vulnerabilities

    Source: CCN
    Type: Fedora Update Notification FEDORA-2004-354
    gaim-1.0.2-0.FC2 update

    Source: CCN
    Type: BID-11482
    Gaim MSN SLP Remote Buffer Overflow Vulnerability

    Source: CCN
    Type: BID-11483
    Gaim MSN Remote File Transfer Denial Of Service Vulnerability

    Source: CCN
    Type: USN-8-1
    gaim vulnerabilities

    Source: XF
    Type: UNKNOWN
    gaim-file-transfer-dos(17790)

    Source: SUSE
    Type: SUSE-SA:2004:040
    samba: remote denial of service

    Vulnerable Configuration:Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20040891
    V
    CVE-2004-0891
    2017-09-27
    oval:org.mitre.oval:def:11790
    V
    Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
    2013-04-29
    oval:com.redhat.rhsa:def:20040604
    P
    RHSA-2004:604: gaim security update (Important)
    2004-10-20
    BACK
    rob_flynn gaim 0.10
    rob_flynn gaim 0.10.3
    rob_flynn gaim 0.50
    rob_flynn gaim 0.51
    rob_flynn gaim 0.52
    rob_flynn gaim 0.53
    rob_flynn gaim 0.54
    rob_flynn gaim 0.55
    rob_flynn gaim 0.56
    rob_flynn gaim 0.57
    rob_flynn gaim 0.58
    rob_flynn gaim 0.59
    rob_flynn gaim 0.59.1
    rob_flynn gaim 0.60
    rob_flynn gaim 0.61
    rob_flynn gaim 0.62
    rob_flynn gaim 0.63
    rob_flynn gaim 0.64
    rob_flynn gaim 0.65
    rob_flynn gaim 0.66
    rob_flynn gaim 0.67
    rob_flynn gaim 0.68
    rob_flynn gaim 0.69
    rob_flynn gaim 0.70
    rob_flynn gaim 0.71
    rob_flynn gaim 0.72
    rob_flynn gaim 0.73
    rob_flynn gaim 0.74
    rob_flynn gaim 0.75
    rob_flynn gaim 0.78
    rob_flynn gaim 0.82
    rob_flynn gaim 0.82.1
    rob_flynn gaim 1.0
    rob_flynn gaim 1.0.1
    gentoo linux *
    gentoo linux 1.4
    slackware slackware linux 9.0
    slackware slackware linux 9.1
    slackware slackware linux 10.0
    slackware slackware linux current
    ubuntu ubuntu linux 4.1
    ubuntu ubuntu linux 4.1