A critical security flaw in the internet messaging client Gaim could allow hackers to cause a denial of service, security experts have warned.
A security advisory from Secunia, which provides security advisories and information about patches, cautions that a flaw in the handling of away messages could be exploited to cause a heap-based buffer overflow by sending a specially crafted away message to a user logged into AIM or ICQ.
Successful exploitation would allow the execution of arbitrary code.
It adds that a file transfer bug could be exploited to crash the application by attempting to upload a file with a non-UTF8 filename to a user logged into AIM or ICQ.
Secunia said the problem could be fixed by updating version 1.5.0 of Gaim.
Red Hat has also issued an advisory alerting users to the vulnerabilities in Gaim, adding that a denial-of-service bug had been found in Gaim’s Gadu Gadu protocol handler, which could also be exploited to crash the application. But it said this issue only affected users running Gaim on PPC and IBM S/390 systems.