Signature Detail
Short Name |
CHAT:AIM:OVERFLOW:AWAY-FS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
CHAT |
Keywords |
Away Message Overflow |
Release Date |
2006/10/09 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
AIM: Away Message Overflow
This signature detects abnormally large AIM messages containing format string characters . Malicious users can craft messages to overflow a buffer on some Instant Messenger clients. A successfull attack can allow code execution.
Extended Description
Gaim is prone to multiple vulnerabilities affecting the AIM and ICQ protocols. These issues may allow remote attackers to trigger a buffer overflow or a denial-of-service condition. All versions of Gaim 1.x are considered vulnerable at the moment.
Affected Products
- Conectiva Linux 10.0.0
- Gentoo Linux
- Mandriva Corporate Server 3.0.0
- Mandriva Corporate Server 3.0.0 X86 64
- Mandriva Linux Mandrake 10.1.0
- Mandriva Linux Mandrake 10.1.0 X86 64
- Mandriva Linux Mandrake 10.2.0
- Mandriva Linux Mandrake 10.2.0 X86 64
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0
- Red Hat Advanced Workstation for the Itanium Processor 2.1.0 IA64
- Red Hat Desktop 4.0.0
- Red Hat Enterprise Linux AS 2.1
- Red Hat Enterprise Linux AS 2.1 IA64
- Red Hat Enterprise Linux ES 2.1
- Red Hat Enterprise Linux ES 2.1 IA64
- Red Hat Enterprise Linux WS 2.1
- Red Hat Enterprise Linux WS 2.1 IA64
- Red Hat Fedora Core1
- Red Hat Fedora Core2
- Red Hat Fedora Core3
- Red Hat Fedora Core4
- Red Hat Linux 7.3.0
- Red Hat Linux 7.3.0 I386
- Red Hat Linux 7.3.0 I686
- Red Hat Linux 9.0.0 I386
- Rob Flynn Gaim 1.0.0
- Rob Flynn Gaim 1.0.1
- Rob Flynn Gaim 1.0.2
- Rob Flynn Gaim 1.1.1
- Rob Flynn Gaim 1.1.2
- Rob Flynn Gaim 1.1.3
- Rob Flynn Gaim 1.1.4
- Rob Flynn Gaim 1.2.0
- Rob Flynn Gaim 1.2.1
- Rob Flynn Gaim 1.3.0 .0
- Rob Flynn Gaim 1.3.1
- SGI ProPack 3.0.0 SP6
- Slackware Linux 10.0.0
- Slackware Linux 10.1.0
- Slackware Linux 9.0.0
- Slackware Linux 9.1.0
- Slackware Linux -Current
- SuSE Linux Desktop 1.0.0
- SuSE Linux Enterprise Server for S/390 9.0.0
- SuSE Linux Enterprise Server for S/390
- SuSE Linux Personal 8.2.0
- SuSE Linux Personal 9.0.0
- SuSE Linux Personal 9.0.0 X86 64
- SuSE Linux Personal 9.1.0
- SuSE Linux Personal 9.1.0 X86 64
- SuSE Linux Personal 9.2.0
- SuSE Linux Personal 9.2.0 X86 64
- SuSE Linux Personal 9.3.0
- SuSE Linux Personal 9.3.0 X86 64
- SuSE Linux Professional 7.3.0
- SuSE Linux Professional 8.2.0
- SuSE Linux Professional 9.0.0
- SuSE Linux Professional 9.0.0 X86 64
- SuSE Linux Professional 9.1.0
- SuSE Linux Professional 9.1.0 X86 64
- SuSE Linux Professional 9.2.0
- SuSE Linux Professional 9.2.0 X86 64
- SuSE Linux Professional 9.3.0
- SuSE Linux Professional 9.3.0 X86 64
- SuSE Novell Linux Desktop 9.0.0
- SuSE Open-Enterprise-Server 9.0.0
- SuSE SUSE Linux Enterprise Server 7
- SuSE SUSE Linux Enterprise Server 8
- SuSE SUSE Linux Enterprise Server 9
- SuSE SUSE LINUX Retail Solution 8.0.0
- SuSE SuSE Linux School Server for i386
- SuSE SuSE Linux Standard Server 8.0.0
- Ubuntu Ubuntu Linux 4.1.0 Ia32
- Ubuntu Ubuntu Linux 4.1.0 Ia64
- Ubuntu Ubuntu Linux 4.1.0 Ppc
- Ubuntu Ubuntu Linux 5.0.0 4 Amd64
- Ubuntu Ubuntu Linux 5.0.0 4 I386
- Ubuntu Ubuntu Linux 5.0.0 4 Powerpc
References