Bug 82865 (CVE-2005-1261) - VUL-0: CVE-2005-1261: gaim overflow
Summary: VUL-0: CVE-2005-1261: gaim overflow
Status: RESOLVED FIXED
Alias: CVE-2005-1261
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
Whiteboard: CVE-2005-1261: CVSS v2 Base Score: 7....
Reported: 2005-05-09 08:43 UTC by Sebastian Krahmer
Modified: 2021-11-08 16:40 UTC

Found By: Other
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
the fix from upstream (3.83 KB, patch)
2005-05-09 08:45 UTC, Sebastian Krahmer
patchinfo box (685 bytes, text/plain)
2005-05-11 09:06 UTC, Sebastian Krahmer
patchinfo for maintained products (469 bytes, text/plain)
2005-05-11 09:06 UTC, Sebastian Krahmer

Description Sebastian Krahmer 2005-05-09 08:43:13 UTC
Date: Fri, 06 May 2005 12:35:03 -0400
From: Josh Bressers <bressers@redhat.com>
To: vendor-sec@lst.de
Subject: [vendor-sec] Gaim buffer overflow
Parts/Attachments:
   1 Shown     12 lines  Text
   2 Shown    141 lines  Text, "gaim-long_url.patch"
----------------------------------------

Gaim 1.3.0 is scheduled for release on Tuesday (2005-05-10), the exact time
is unknown to me, evening (US time) is expected.

There is a buffer overflow in gaim where an attacker can send a very long
URL in a message (>8192 bytes).  It's a stack based overflow, looks pretty
ugly.  I'm attaching the upstream patch.

This issue is CAN-2005-1261.

-- 
    JB


    [ Part 2: "gaim-long_url.patch" ]
Comment 1 Sebastian Krahmer 2005-05-09 08:45:35 UTC
Created attachment 36583
the fix from upstream

...
Comment 2 Stanislav Brabec 2005-05-09 15:06:28 UTC
Package submitted for STABLE, 9.3-all, 9.2-all, SLES9-SLD, SLES9-SLD-BETA.

For 9.2 (gaim-0.75) and older patch completely rejects, but code has some
similarities. Is there any info about oldest affected version?
Comment 3 Sebastian Krahmer 2005-05-10 14:00:53 UTC
No, maybe the gaim maintainers know more?
I will make a SWAMP task.
Comment 4 Sebastian Krahmer 2005-05-10 14:03:47 UTC
SM-Tracker-1142
Comment 5 Stanislav Brabec 2005-05-10 15:06:56 UTC
Code is probably affected, too. Backporting.
Comment 6 Michael Schröder 2005-05-10 17:07:38 UTC
Patchinfo? 
Comment 7 Stanislav Brabec 2005-05-10 17:16:17 UTC
Patch backported and significantly modified for 9.1-all and 9.0-all. Only quick
test was done.

For 8.2-all and sles8-slec-all, patch from 9.1-all was applied and reformatted
using wiggle.

All packages submitted. Re-assigning to security-team - please create patchinfo.
Comment 8 Sebastian Krahmer 2005-05-11 08:36:36 UTC
Ok, *now* that packages are available I will submit
patchinfos. :)

Stanislav, I assume 9.2 and 9.2 was affected as well?
Comment 9 Sebastian Krahmer 2005-05-11 09:05:13 UTC
Patchinfos submitted. Please go ahead.

Comment 10 Sebastian Krahmer 2005-05-11 09:06:02 UTC
Created attachment 36844
patchinfo box

...
Comment 11 Sebastian Krahmer 2005-05-11 09:06:36 UTC
Created attachment 36845
patchinfo for maintained products

...
Comment 12 Stanislav Brabec 2005-05-11 10:40:04 UTC
9.2 was submitted, too:

stable-all, 9.3-all, sles9-sld-beta-all: Original patch.

9.2-all, sles9-sld-all: Small change in patch.

9.1-all, 9.0-all: Patch backport and rewrite.

8.2-all, sles8-slec-all: Reformatted backported patch.

Backported patch needs more testing.
Comment 13 Thomas Biege 2005-05-24 16:03:14 UTC
Looks like the patchinfo is messed up:

BUGZILLA: security
Comment 14 Thomas Biege 2005-05-24 16:04:45 UTC
fixed them ;)
Comment 15 Ludwig Nussel 2005-06-09 08:09:25 UTC
packages released 
Comment 16 Thomas Biege 2009-10-13 21:21:59 UTC
CVE-2005-1261: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)