Vulnerability Name: | CVE-2005-0966 (CCN-19937) | ||||||||||||||||
Assigned: | 2005-04-01 | ||||||||||||||||
Published: | 2005-04-01 | ||||||||||||||||
Updated: | 2018-10-19 | ||||||||||||||||
Summary: | The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions. | ||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
| ||||||||||||||||
CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||||||||||
Vulnerability Type: | CWE-Other | ||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||
References: | Source: CCN Type: BugTraq Mailing List, Fri Apr 01 2005 - 03:59:59 CST multiple remote denial of service vulnerabilities in Gaim Source: MITRE Type: CNA CVE-2005-0966 Source: CONFIRM Type: Vendor Advisory http://gaim.sourceforge.net/security/index.php?id=14 Source: BUGTRAQ Type: UNKNOWN 20050401 multiple remote denial of service vulnerabilities in Gaim Source: CCN Type: RHSA-2005-365 gaim security update Source: CCN Type: SA14815 Gaim Multiple Denial of Service Weaknesses Source: SECUNIA Type: Patch, Vendor Advisory 14815 Source: CONFIRM Type: Patch http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750 Source: CCN Type: SourceForge.net Project: Gaim: Summary Source: CCN Type: GLSA-200504-05 Gaim: Denial of Service issues Source: MANDRAKE Type: UNKNOWN MDKSA-2005:071 Source: SUSE Type: UNKNOWN SUSE-SA:2005:036 Source: REDHAT Type: UNKNOWN RHSA-2005:365 Source: FEDORA Type: UNKNOWN FLSA:158543 Source: BID Type: UNKNOWN 13003 Source: CCN Type: BID-13003 Gaim IRC Protocol Plug-in Markup Language Injection Vulnerability Source: XF Type: UNKNOWN gaim-irc-plugin-bo(19937) Source: XF Type: UNKNOWN gaim-irc-plugin-bo(19937) Source: XF Type: UNKNOWN gaim-ircmsginvite-dos(19939) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9185 Source: SUSE Type: SUSE-SA:2005:036 sudo: race condition arbitrary code execution Source: SUSE Type: SUSE-SR:2005:017 SUSE Security Summary Report | ||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration RedHat 1: ![]() | ||||||||||||||||
Vulnerability Name: | CVE-2005-0966 (CCN-19939) | ||||||||||||||||
Assigned: | 2005-04-01 | ||||||||||||||||
Published: | 2005-04-01 | ||||||||||||||||
Updated: | 2005-04-01 | ||||||||||||||||
Summary: | The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions. | ||||||||||||||||
CVSS v3 Severity: | 7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
| ||||||||||||||||
CVSS v2 Severity: | 6.4 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P)
| ||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||
References: | Source: CCN Type: BugTraq Mailing List, Fri Apr 01 2005 - 03:59:59 CST multiple remote denial of service vulnerabilities in Gaim Source: MITRE Type: CNA CVE-2005-0966 Source: CCN Type: RHSA-2005-365 gaim security update Source: CCN Type: SA14815 Gaim Multiple Denial of Service Weaknesses Source: CCN Type: SourceForge.net Project: Gaim: Summary Source: CCN Type: GLSA-200504-05 Gaim: Denial of Service issues Source: CCN Type: BID-13003 Gaim IRC Protocol Plug-in Markup Language Injection Vulnerability Source: XF Type: UNKNOWN gaim-ircmsginvite-dos(19939) Source: SUSE Type: SUSE-SA:2005:036 sudo: race condition arbitrary code execution Source: SUSE Type: SUSE-SR:2005:017 SUSE Security Summary Report | ||||||||||||||||
Vulnerable Configuration: | Configuration RedHat 1:![]() | ||||||||||||||||
Oval Definitions | |||||||||||||||||
| |||||||||||||||||
BACK |