Debian Security Advisory DSA 2852-1 (libgadu - Heap-based Buffer Overflow) Network Vulnerability

Summary

Yves Younan and Ryan Pentney discovered that libgadu, a library for accessing the Gadu-Gadu instant messaging service, contained an integer overflow leading to a buffer overflow. Attackers which impersonate the server could crash clients and potentially execute arbitrary code.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 1:1.9.0-2+squeeze2. For the stable distribution (wheezy), this problem has been fixed in version 1:1.11.2-1+deb7u1. For the unstable distribution (sid), this problem has been fixed in version 1:1.11.3-1. We recommend that you upgrade your libgadu packages.

Affected

libgadu on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2852.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6487

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 065-1 (samba)
Debian Security Advisory DSA 1046-1 (mozilla)
Debian Security Advisory DSA 016-1 (wu-ftpd)
Debian Security Advisory DSA 071-1 (fetchmail)
Debian Security Advisory DSA 018-1 (tinyproxy)

Debian Security Advisory DSA 2852-1 (libgadu - heap-based buffer overflow)

Take action and discover your vulnerabilities