PT-2005-1990 · Pidgin+1 · Gaim+1

Publicado

2005-04-04

·

Atualizado

2018-10-19

·

CVE-2005-0966

CVSS v2.0

6.4

Média

VetorAV:N/AC:L/Au:N/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions Gaim version 1.2.0
Description The issue allows remote attackers to inject arbitrary Gaim markup via certain functions, such as irc msg kick, irc msg mode, irc msg part, and irc msg quit. Additionally, it enables remote attackers to inject arbitrary Pango markup and display empty dialog boxes via irc msg invite. Malicious IRC servers can also cause a denial of service by injecting specific Pango markup into functions like irc msg badmode, irc msg banned, irc msg unknown, and irc msg nochan.
Recommendations For Gaim version 1.2.0, consider disabling the IRC protocol plugin as a temporary workaround until a patch is available. Restrict access to the irc msg kick, irc msg mode, irc msg part, irc msg quit, irc msg invite, irc msg badmode, irc msg banned, irc msg unknown, and irc msg nochan functions to minimize the risk of exploitation. Avoid using the affected functions in the IRC protocol plugin until the issue is resolved.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-0966
RHSA-2005_365

Produtos afetados

Gaim
Red Hat