Hackers could exploit security flaw in Gaim IM client, warns Secunia

A critical security flaw in the internet messaging client Gaim could allow hackers to cause a denial of service, security experts have warned.

A security advisory from Secunia, which provides security advisories and information about patches, cautions that a flaw in the handling of away messages could be exploited to cause a heap-based buffer overflow by sending a specially crafted away message to a user logged into AIM or ICQ.

Successful exploitation would allow the execution of arbitrary code.

It adds that a file transfer bug could be exploited to crash the application by attempting to upload a file with a non-UTF8 filename to a user logged into AIM or ICQ.
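The file-transfer crash comes down to trusting a peer-supplied name to be UTF-8. The following is an added example, not Gaim's code and not its fix: the hypothetical functions `utf8_valid` and `safe_display_name` show a strict validity check and a bounded copy that a client could apply to a received file name before handing it to display code.

```c
#include <stddef.h>
#include <string.h>

/* Returns 1 if the n bytes at s are well-formed UTF-8 (RFC 3629), else 0. */
int utf8_valid(const unsigned char *s, size_t n)
{
    size_t i = 0;
    while (i < n) {
        unsigned char c = s[i];
        size_t need;        /* continuation bytes expected after the lead */
        unsigned long cp;   /* decoded code point */
        unsigned long min;  /* smallest code point legal at this length */

        if (c < 0x80) { i++; continue; }
        else if ((c & 0xE0) == 0xC0) { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;                       /* stray continuation or bad lead */

        if (n - i - 1 < need) return 0;      /* sequence cut off at end of input */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF) return 0;     /* overlong or out of range */
        if (cp >= 0xD800 && cp <= 0xDFFF) return 0;  /* UTF-16 surrogate */
        i += need + 1;
    }
    return 1;
}

/* Copies a peer-supplied file name into out, always NUL-terminated and never
 * writing more than out_size bytes. Returns 1 if the name was copied unchanged,
 * 0 if it was sanitised: anything outside printable ASCII becomes '?' and
 * excess length is truncated. */
int safe_display_name(const unsigned char *raw, size_t raw_len,
                      char *out, size_t out_size)
{
    if (out_size == 0) return 0;
    int ok = utf8_valid(raw, raw_len) && raw_len < out_size
             && memchr(raw, 0, raw_len) == NULL;
    size_t n = raw_len < out_size - 1 ? raw_len : out_size - 1;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = raw[i];
        out[i] = (ok || (c >= 0x20 && c < 0x7F)) ? (char)c : '?';
    }
    out[n] = '\0';
    return ok;
}
```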

Secunia said the problem could be fixed by updating to version 1.5.0 of Gaim.

Red Hat has also issued an advisory alerting users to the vulnerabilities in Gaim, adding that a denial-of-service bug had been found in Gaim’s Gadu Gadu protocol handler, which could also be exploited to crash the application. But it said this issue only affected users running Gaim on PPC and IBM S/390 systems.

 
