SecurityTracker.com
Category:  Application (Instant Messaging/IRC/Chat)  >  Gaim
Vendors:  Gaim.sourceforge.net
Gaim Smiley Theme Filename Input Validation Error Permits Arbitrary Code Execution
SecurityTracker Alert ID:  1011082
SecurityTracker URL:  http://securitytracker.com/id?1011082
CVE Reference:  CAN-2004-0784   (Links to External Site)
OSVDB Reference:  9259   (Links to External Site)
Date:  Aug 28 2004
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Exploit Included:  Yes   Vendor Confirmed:  Yes  
Version(s): prior to 0.82
Description:  A vulnerability was reported in Gaim in the installation of smiley theme files. A remote user can create a specially named file that, when installed, will execute arbitrary code on the target user's system.

The vendor reported that if a target user drags a smiley theme tar file onto the Gaim application, the application passes the filename to a tar command without properly validating it. If the filename is specially crafted, arbitrary code execution is possible.

Impact:  A remote user can create a specially named smiley theme tar file that, when installed by the target user via drag and drop, will cause arbitrary code to be executed on the target user's computer. The code will run with the privileges of the target user's Gaim application.
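The defect the advisory describes is a filename spliced into a shell command line. The following C example, added here and not taken from Gaim's code or the vendor's fix, shows that pattern beside a hardened version that hands the path to tar as a separate argv element (no shell parsing) and allowlists the dropped file's basename first. Function names, the ".tar.gz"/".tgz" suffix allowlist and the sample filenames are assumptions made for this illustration.

```c
/* Added example (not Gaim's code): the shell-injection pattern the advisory
 * describes, beside a hardened way to pass a user-supplied archive path to tar.
 * Function names, the suffix allowlist and sample filenames are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* VULNERABLE PATTERN: the dropped filename is spliced into a command line that
 * a shell will parse, so metacharacters in the name become shell syntax.
 * Returns the string that would have gone to system(); caller frees it. */
char *build_shell_command_unsafe(const char *tarfile, const char *destdir)
{
    size_t len = strlen(tarfile) + strlen(destdir) + 32;
    char *cmd = malloc(len);
    if (cmd == NULL)
        return NULL;
    snprintf(cmd, len, "tar -xzf %s -C %s", tarfile, destdir);
    return cmd;
}

/* HARDENED: build an argv array instead of a command string. Each element
 * reaches tar as exactly one argument, so no shell ever sees the filename.
 * "-C destdir" comes before "-xzf file" so that a name beginning with '-'
 * is still consumed as the argument of -f rather than read as an option.
 * Returns the number of arguments written, excluding the NULL terminator. */
int build_tar_argv(const char *tarfile, const char *destdir,
                   const char **argv, size_t argv_len)
{
    if (argv_len < 6)
        return -1;
    argv[0] = "tar";
    argv[1] = "-C";
    argv[2] = destdir;
    argv[3] = "-xzf";
    argv[4] = tarfile;
    argv[5] = NULL;
    return 5;
}

/* Defence in depth: allowlist the basename of a dropped theme before use.
 * Accepts [A-Za-z0-9._-] only, no leading '-', and an assumed .tar.gz or
 * .tgz suffix. Directory components are not checked because the hardened
 * path above never lets a shell interpret them. */
int theme_filename_looks_valid(const char *path)
{
    const char *base = strrchr(path, '/');
    base = base ? base + 1 : path;
    if (*base == '\0' || *base == '-')
        return 0;
    for (const char *p = base; *p != '\0'; p++) {
        unsigned char c = (unsigned char)*p;
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    size_t n = strlen(base);
    if (n > 7 && strcmp(base + n - 7, ".tar.gz") == 0)
        return 1;
    if (n > 4 && strcmp(base + n - 4, ".tgz") == 0)
        return 1;
    return 0;
}

/* Validate, then run tar via fork/execvp with the argv above.
 * Returns tar's exit status, or -1 if validation fails or spawning fails. */
int extract_theme_safe(const char *tarfile, const char *destdir)
{
    const char *argv[6];
    if (!theme_filename_looks_valid(tarfile) ||
        build_tar_argv(tarfile, destdir, argv, 6) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);
        _exit(127);   /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: a filename carrying a shell metacharacter. */
    const char *dropped = "smiley;theme.tar.gz";
    char *cmd = build_shell_command_unsafe(dropped, "/tmp/themes");
    printf("unsafe command string: %s\n", cmd);
    free(cmd);
    const char *argv[6];
    int n = build_tar_argv(dropped, "/tmp/themes", argv, 6);
    printf("safe argv: %d elements, argv[4] = \"%s\"\n", n, argv[4]);
    printf("allowlist accepts it: %d\n", theme_filename_looks_valid(dropped));
    return 0;
}
```

The unsafe builder is only returned as a string here, never executed; its point is that the semicolon in the constructed name lands verbatim in the command line, whereas in the argv form the same name is one opaque argument. The allowlist is a second layer: the real fix is removing the shell from the path between the dropped file and tar.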
Solution:  The vendor has released a fixed version (0.82), available at:

http://gaim.sourceforge.net/downloads.php

Vendor URL:  gaim.sourceforge.net/security/index.php?id=1 (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 17 2004 (Fedora Issues Fix for RH Linux) Gaim Smiley Theme Filename Input Validation Error Permits Arbitrary Code Execution   (Marc Deslauriers <marcdeslauriers@videotron.ca>)
Fedora has released a fix for Red Hat Linux 7.3 and 9.
Oct 21 2004 (Mandrake Issues Fix) Gaim Smiley Theme Filename Input Validation Error Permits Arbitrary Code Execution   (Mandrake Linux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Nov 5 2004 (Conectiva Issues Fix) Gaim Smiley Theme Filename Input Validation Error Permits Arbitrary Code Execution   (Conectiva Updates <secure@conectiva.com.br>)
Conectiva has released a fix.
Source Message Contents

[Original Message Not Available for Viewing]


Copyright 2004, SecurityGlobal.net LLC