Hackers could exploit security flaw in Gaim IM client, warns Secunia

Tash Shifrin

A critical security flaw in the internet messaging client Gaim could allow hackers to cause a denial of service, security experts have warned.

A security advisory from Secunia, which provides security advisories and information about patches, cautions that a flaw in the handling of away messages could be exploited to cause a heap-based buffer overflow by sending a specially crafted away message to a user logged into AIM or ICQ.

Successful exploitation would allow the execution of arbitrary code.

It adds that a file transfer bug could be exploited to crash the application by attempting to upload a file with a non-UTF8 filename to a user logged into AIM or ICQ.

Secunia said the problem could be fixed by updating version 1.5.0 of Gaim.

Red Hat has also issued an advisory alerting users to the vulnerabilities in Gaim, adding that a denial-of-service bug had been found in Gaim’s Gadu Gadu protocol handler, which could also be exploited to crash the application. But it said this issue only affected users running Gaim on PPC and IBM S/390 systems.

