Bug 135679 - CAN-2004-0891 MSN protocol buffer overflow.
CAN-2004-0891 MSN protocol buffer overflow.
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: gaim (Show other bugs)
2
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Reed
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-10-14 08:20 EDT by Josh Bressers
Modified: 2007-11-30 17:10 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-10-31 03:50:16 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2004-10-14 08:20:20 EDT
Buffer overflow when receiving unexpected sequence of MSNSLP messages
Affected code: src/protocols/msn/slplink.c memcpy was used without
checking the size of the buffer before copying to it.  Additionally, a
logic flaw was causing the wrong buffer to be used as the destination
for the copy under certain circumstances.

This issue affects gaim 0.79-1.0.1
Comment 1 Josh Bressers 2004-10-19 14:04:00 EDT
Public, removing embargo.
Comment 2 Warren Togami 2004-10-20 22:07:16 EDT
This is fixed in gaim-1.0.1-1.FC3 shipping in FC3 final.  I am testing
and preparing gaim-1.0.2 for FC2 and FC3 updates now.
Comment 3 Warren Togami 2004-10-20 22:18:50 EDT
Crap... the security update for gaim was rejected from FC3 final. 
1.0.2 update coming immediately.
Comment 4 Warren Togami 2004-10-31 03:50:16 EST
This security update has subsequently made FC3 final, and issued as
1.0.2 to FC2.

Note You need to log in before you can comment on or make changes to this bug.