Hackers could exploit security flaw in Gaim IM client, warns Secunia



Tash Shifrin

A critical security flaw in the internet messaging client Gaim could allow hackers to cause a denial of service, security experts have warned.

A security advisory from Secunia, which provides security advisories and information about patches, cautions that a flaw in the handling of away messages could be exploited to cause a heap-based buffer overflow by sending a specially crafted away message to a user logged into AIM or ICQ.

Successful exploitation would allow the execution of arbitrary code.

It adds that a file transfer bug could be exploited to crash the application by attempting to upload a file with a non-UTF8 filename to a user logged into AIM or ICQ.

Secunia said the problem could be fixed by updating version 1.5.0 of Gaim.

Red Hat has also issued an advisory alerting users to the vulnerabilities in Gaim, adding that a denial-of-service bug had been found in Gaim’s Gadu Gadu protocol handler, which could also be exploited to crash the application. But it said this issue only affected users running Gaim on PPC and IBM S/390 systems.

