[SA13450] Gadu-Gadu Multiple Vulnerabilities
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Fri Dec 17 2004 - 06:37:46 CST
TITLE:
Gadu-Gadu Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA13450
VERIFY ADVISORY:
http://secunia.com/advisories/13450/
CRITICAL:
Highly critical
IMPACT:
Cross Site Scripting, Exposure of sensitive information, System
access
WHERE:
From remote
SOFTWARE:
Gadu-Gadu 6.x
http://secunia.com/product/3893/
DESCRIPTION:
Blazej Miga and Jaroslaw Sajko have reported multiple vulnerabilities
in Gadu-Gadu, which can be exploited by malicious people to conduct
cross-site scripting attacks, compromise a user's system and disclose
sensitive information.
1) An error in the parsing of "http:" and "news:" links embedded in
sent messages can be exploited to execute script code in the "local"
zone.
2) Users can send packets with embedded ".dll" files and the client
will execute some of its functions.
3) An error in the DCC connection feature can be exploited to
disclose arbitrary local files via directory traversal attacks.
4) A boundary error in the handling of sent images can be exploited
to cause a buffer overflow by supplying a specially crafted
filename.
Successful exploitation can lead to execution of arbitrary code.
5) An error exists where small images (up to 100 bytes) are allowed
to be sent even when the "image send" option is disabled.
6) A boundary error in the assembling of divided sent files can be
exploited to cause a heap based buffer overflow by supplying
specially crafted length values.
7) An integer overflow error in the handling of receiving files
through DCC can be exploited by supplying specially crafted file
length values.
SOLUTION:
Add only trusted users to the contact list, disable DCC connections,
and ignore messages from untrusted sources.
Use another product.
PROVIDED AND/OR DISCOVERED BY:
Blazej Miga and Jaroslaw Sajko.
ORIGINAL ADVISORY:
http://www.man.poznan.pl/~security/gg-adv.txt
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
----------------------------------------------------------------------
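Added example, not part of the Secunia advisory and not Gadu-Gadu code: a defensive sketch of the bug class named in items 6 and 7, where peer-supplied fragment and file lengths drive a reassembly buffer. The struct, function names, the in-order fragment rule and the MAX_FILE_LEN cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_FILE_LEN (16u * 1024u * 1024u) /* assumed local policy cap */

/* Hypothetical reassembly state, not Gadu-Gadu's real structures. */
struct reasm {
    uint8_t *buf;      /* destination buffer for the whole file */
    uint32_t total;    /* file length announced by the peer */
    uint32_t received; /* bytes accepted so far, always <= total */
};

/* Flawed pattern: offset + len is computed in 32 bits and can wrap. */
int fits_naive(uint32_t offset, uint32_t len, uint32_t total) {
    return (uint32_t)(offset + len) <= total;
}

/* Wrap-free form: compare len against the space that is left. */
int fits_checked(uint32_t offset, uint32_t len, uint32_t total) {
    return offset <= total && len <= total - offset;
}

/* Validate the announced length before allocating. Returns 0 on success. */
int reasm_init(struct reasm *r, uint32_t announced_len) {
    memset(r, 0, sizeof *r);
    if (announced_len == 0 || announced_len > MAX_FILE_LEN)
        return -1;
    r->buf = malloc(announced_len);
    if (r->buf == NULL)
        return -1;
    r->total = announced_len;
    return 0;
}

/* Accept one fragment. offset and len are peer-supplied; avail is the
 * number of payload bytes actually present in the packet. */
int reasm_add(struct reasm *r, uint32_t offset, uint32_t len,
              const uint8_t *data, size_t avail) {
    if (r->buf == NULL || len == 0 || len > avail)
        return -1; /* claimed length exceeds what was received */
    if (offset != r->received || !fits_checked(offset, len, r->total))
        return -1; /* out of order, overlapping, or past the end */
    memcpy(r->buf + offset, data, len);
    r->received += len;
    return 0;
}

void reasm_free(struct reasm *r) { free(r->buf); memset(r, 0, sizeof *r); }
```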