Gaim Multiple Denial of Service Weaknesses
SECUNIA ADVISORY ID:
Three weaknesses have been reported in Gaim, which can be exploited
by malicious people to cause a DoS (Denial of Service).
1) An error in the "gaim_markup_strip_html()" function when
processing HTML can be exploited to cause an out-of-bounds read error
and crash the application.
2) An error in the IRC protocol plug-in when processing received
messages over IRC can be exploited to crash the application.
3) An error within the handling of certain file transfer requests can
be exploited to cause an out-of-bounds read error and crash a Gaim
Jabber user's application.
Update to version 1.2.1.
PROVIDED AND/OR DISCOVERED BY:
1-2) Jean-Yves Lefort
3) Marco Alvarez

eTrust Intrusion Detection System Remote Denial of Service Vulnerability
Computer Associates eTrust Intrusion Detection 3.0 SP 1
Computer Associates eTrust Intrusion Detection 3.0
eTrust Intrusion Detection System is reported prone to a remote denial of service vulnerability.
The vulnerability arises from improper use of the Microsoft Crypto API function 'CPImportKey'. eTrust Intrusion Detection System calls the Microsoft Crypto API directly, without wrapper functions that validate user-supplied input, and is therefore susceptible to denial of service attacks.
A successful attack can crash the application by exhausting memory resources. This can facilitate further attacks against the network, which may then go undetected.
eTrust Intrusion Detection System 3.0 and 3.0 SP1 are reported vulnerable.
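An added example, not from the advisory or the vendor: a sketch in C of the kind of validating wrapper the description says was missing, checking a key BLOB's declared sizes against the bytes actually received before it is handed to an import function. The advisory does not say which field went unchecked; the RSA public-key BLOB type, the MAX_RSA_BITS cap and all function names here are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constants from the Windows CryptoAPI key BLOB format (wincrypt.h). */
#define BLOB_TYPE_PUBLICKEY 0x06u        /* PUBLICKEYBLOB */
#define BLOB_VERSION        0x02u        /* CUR_BLOB_VERSION */
#define RSA1_MAGIC          0x31415352u  /* "RSA1" */
#define HDR_LEN             20u          /* BLOBHEADER (8) + RSAPUBKEY (12) */
#define MAX_RSA_BITS        16384u       /* assumed local policy cap */
#define SAMPLE_MAX          512u         /* modulus room in the sample buffer */

enum blob_status { BLOB_OK = 0, BLOB_TRUNCATED, BLOB_BAD_HEADER,
                   BLOB_BAD_BITLEN, BLOB_LEN_MISMATCH };

/* Read a little-endian 32-bit value without alignment assumptions. */
static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hypothetical pre-import check: BLOB_OK only if the declared sizes are
 * sane and agree with the number of bytes actually received. */
enum blob_status validate_rsa_pubkey_blob(const uint8_t *blob, size_t len) {
    if (blob == NULL || len < HDR_LEN) return BLOB_TRUNCATED;
    if (blob[0] != BLOB_TYPE_PUBLICKEY || blob[1] != BLOB_VERSION ||
        rd_le32(blob + 8) != RSA1_MAGIC) return BLOB_BAD_HEADER;
    uint32_t bitlen = rd_le32(blob + 12);
    if (bitlen == 0 || bitlen % 8 != 0 || bitlen > MAX_RSA_BITS)
        return BLOB_BAD_BITLEN;
    /* bitlen is capped above, so this sum cannot overflow size_t. */
    if (len != (size_t)HDR_LEN + bitlen / 8) return BLOB_LEN_MISMATCH;
    return BLOB_OK;
}

/* Constructed sample: a blob declaring `bits` but carrying `mod_bytes`
 * of (zeroed) modulus, passed through the check. */
enum blob_status check_constructed(uint32_t bits, size_t mod_bytes) {
    uint8_t buf[HDR_LEN + SAMPLE_MAX] = {0};
    const uint32_t fields[2] = { RSA1_MAGIC, bits };  /* offsets 8 and 12 */
    if (mod_bytes > SAMPLE_MAX) return BLOB_TRUNCATED;
    buf[0] = BLOB_TYPE_PUBLICKEY; buf[1] = BLOB_VERSION;
    for (int f = 0; f < 2; f++)
        for (int i = 0; i < 4; i++)
            buf[8 + 4 * f + i] = (uint8_t)(fields[f] >> (8 * i));
    return validate_rsa_pubkey_blob(buf, HDR_LEN + mod_bytes);
}

int main(void) {
    printf("well-formed 2048-bit: %d\n", (int)check_constructed(2048, 256));
    printf("oversized bitlen:     %d\n", (int)check_constructed(0xFFFFFFF8u, 256));
    printf("length mismatch:      %d\n", (int)check_constructed(4096, 256));
    return 0;
}
```

A wrapper of this shape rejects the blob before any allocation is sized from an attacker-controlled field; only blobs that return BLOB_OK would be passed on to the import call.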
The vendor has released patches to address this issue.
Computer Associates eTrust Intrusion Detection 3.0 SP 1:
Computer Associates Patch QO66178
Computer Associates eTrust Intrusion Detection 3.0:
Computer Associates Patch QO66181