Vulnerability Name:

CVE-2005-2103 (CCN-21759)

Assigned:2005-08-08
Published:2005-08-08
Updated:2018-10-19
Summary:Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity:7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
6.9 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2005-2103

Source: CCN
Type: Conectiva Linux Security Announcement CLSA-2005:1006
Fixes for gaim's vulnerabilities

Source: CCN
Type: Gaim Download Web site
Downloads - Gaim

Source: CONFIRM
Type: UNKNOWN
http://gaim.sourceforge.net/security/?id=22

Source: CCN
Type: RHSA-2005-589
gaim security update

Source: CCN
Type: RHSA-2005-627
gaim security update

Source: CCN
Type: SourceForge.net
A buffer overflow exploit in teh away message

Source: CCN
Type: CIAC Information Bulletin P-270
GAIM Security Update

Source: CCN
Type: GLSA-200508-06
Gaim: Remote execution of arbitrary code

Source: SUSE
Type: UNKNOWN
SUSE-SR:2005:019

Source: REDHAT
Type: UNKNOWN
RHSA-2005:589

Source: REDHAT
Type: UNKNOWN
RHSA-2005:627

Source: FEDORA
Type: UNKNOWN
FLSA:158543

Source: BID
Type: UNKNOWN
14531

Source: CCN
Type: BID-14531
Gaim AIM/ICQ Protocols Multiple Vulnerabilities

Source: CCN
Type: USN-168-1
Gaim vulnerabilities

Source: XF
Type: UNKNOWN
gaim-away-message-bo(21759)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11477

Source: UBUNTU
Type: UNKNOWN
USN-168-1

Source: SUSE
Type: SUSE-SR:2005:019
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:rob_flynn:gaim:0.10:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.10.3:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.50:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.51:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.52:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.53:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.54:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.55:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.56:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.57:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.58:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.59:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.59.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.60:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.61:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.62:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.63:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.64:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.65:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.66:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.67:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.68:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.69:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.73:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.74:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.75:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.76:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.77:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.78:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.79:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.80:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.81:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.82:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:0.82.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.1.0:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.1.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.1.2:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.1.3:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.1.4:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.2.0:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:rob_flynn:gaim:1.4.0:*:*:*:*:*:*:*

  • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.opensuse.security:def:20052103 | V | CVE-2005-2103 | 2015-11-16
    oval:org.mitre.oval:def:11477 | V | Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n. | 2013-04-29
    oval:com.redhat.rhsa:def:20050627 | P | RHSA-2005:627: gaim security update (Critical) | 2005-08-09