CVE
- Id
- 8434
- CVE No.
- CVE-2004-0006
- Status
- Candidate
- Description
- Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
- Phase
- Modified (20100819)
- Votes
- ACCEPT(5) Armstrong, Baker, Cole, Cox, Green | NOOP(2) Christey, Wall
- Comments
- Cox> Although the 0.59.1 version of Gaim shipped by Red Hat contained these | flaws, Yahoo connections were not functional and therefore the majority of | the issues could not be exploited, leading to the abstraction comment above. | Christey> CERT-VN:VU#871838 | URL:http://www.kb.cert.org/vuls/id/871838 | CERT-VN:VU#444158 | URL:http://www.kb.cert.org/vuls/id/444158 | CERT-VN:VU#503030 | URL:http://www.kb.cert.org/vuls/id/503030 | CERT-VN:VU#371382 | URL:http://www.kb.cert.org/vuls/id/371382 | CERT-VN:VU#297198 | URL:http://www.kb.cert.org/vuls/id/297198 | CERT-VN:VU#527142 | URL:http://www.kb.cert.org/vuls/id/527142 | Christey> Normalize Gentoo reference
