Yahoo! Messenger ymsgr URI multiple buffer overflows (YahooMSG_URL_Handler_Overflow)

About this signature or vulnerability

RealSecure Desktop, IBM Security Host Protection for Desktops, RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Host Protection for Servers (Windows), Proventia Network MFS, BlackICE Server Protection, BlackICE PC Protection, RealSecure Sentry, RealSecure Guard, BlackICE Agent for Server, RealSecure Server Sensor, RealSecure Network, IBM Security Host Protection for Servers (Unix), Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature detects Yahoo! Messenger overflows in the following ymsgr URI types: 'ymsgr:addview?', 'ymsgr:call?', 'ymsgr:sendim?', 'ymsgr:addfriend?', 'ymsgr:chat?', and 'ymsgr:getimv?'.

This signature looks for Yahoo! Messenger overflows in the following ymsgr URI types: 'ymsgr:addview?', 'ymsgr:call?', 'ymsgr:sendim?', and 'ymsgr:addfriend?'.


Default risk level

High

Sensors that have this signature

RealSecure Desktop: baseline, IBM Security Host Protection for Desktops: 8.0.614.1, RealSecure Desktop Protector 3.6: baseline, Proventia Network IPS: 2.0, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, IBM Security Host Protection for Servers (Windows): 1.0.914.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, Proventia Network MFS: 1.0, BlackICE Server Protection: 3.6.cbd, BlackICE PC Protection: 3.6.cbd, RealSecure Sentry: 3.6, RealSecure Guard: 3.6, RealSecure Desktop Protector: 3.6, BlackICE Agent for Server: 3.6, RealSecure Server Sensor: 7.0, RealSecure Network: XPU 20.2, RealSecure Network: XPU 5.1, IBM Security Host Protection for Servers (Unix): 2.2.2, Proventia Server IPS for Linux technology: 1.0, Virtual Server Protection for VMware: 1.0

Systems affected

Yahoo Messenger: 5.0

Type

Unauthorized Access Attempt

Vulnerability description

Yahoo! Messenger is vulnerable to multiple buffer overflows, caused by improper bounds checking of ymsgr URI arguments. By sending an overly long ymsgr call, sendim, getimv, chat, addview, or addfriend argument, a remote attacker could overflow a buffer and execute arbitrary code on the system.
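
A simplified length check over the six ymsgr handler types listed above, as an added example; it is not the vendor's signature logic. The 256-byte threshold, the function name find_oversized_ymsgr and the sample input are assumptions made for illustration, since this page does not state a length.

```python
import re
from urllib.parse import unquote_to_bytes

# Handler types named in the signature description on this page.
HANDLERS = ("addview", "call", "sendim", "addfriend", "chat", "getimv")

# Assumed threshold: the page gives no length, so this value is illustrative.
MAX_ARG_BYTES = 256

# URI schemes are case-insensitive; the argument is taken to run up to
# whitespace, a quote or an angle bracket.
YMSGR_RE = re.compile(
    r"ymsgr:(?P<handler>%s)\?(?P<arg>[^\s\"'<>]*)" % "|".join(HANDLERS),
    re.IGNORECASE,
)

def find_oversized_ymsgr(text, max_arg_bytes=MAX_ARG_BYTES):
    """Return (handler, decoded_length) for each ymsgr URI whose argument,
    after percent-decoding, is longer than max_arg_bytes."""
    hits = []
    for m in YMSGR_RE.finditer(text):
        # Measure the percent-decoded form so that encoding alone does not
        # inflate the length (assumption: the argument is decoded before use).
        decoded = unquote_to_bytes(m.group("arg"))
        if len(decoded) > max_arg_bytes:
            hits.append((m.group("handler").lower(), len(decoded)))
    return hits

# Constructed sample input (not captured traffic).
SAMPLE = "\n".join([
    '<a href="ymsgr:sendim?alice">chat with alice</a>',
    '<a href="YMSGR:call?' + "A" * 300 + '">call</a>',
    '<a href="ymsgr:addview?' + "%41" * 100 + '">view</a>',
    '<a href="ymsgr:getimv?' + "%41" * 400 + '">imv</a>',
    '<a href="ymsgr:unknown?' + "A" * 500 + '">other</a>',
])

if __name__ == "__main__":
    for handler, length in find_oversized_ymsgr(SAMPLE):
        print(f"ALERT ymsgr:{handler}? argument of {length} bytes")
```

The addview sample is 300 characters as written but only 100 bytes once decoded, so it is not flagged; the unknown handler is outside the six types and is ignored.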

How to remove this vulnerability

Upgrade to the latest version of Yahoo! Messenger (5.0 Build 1065 or later), available from the Yahoo! Messenger Web site. See References.

References

BugTraq Mailing List, Mon May 27 2002 - 10:20:54 CDT
Yahoo Messenger - Multiple Vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2002-05/0228.html

Yahoo! Messenger Web site
Download Yahoo! Messenger
http://messenger.yahoo.com/messenger/download/index.html

CERT Advisory CA-2002-16
Multiple Vulnerabilities in Yahoo! Messenger
http://www.cert.org/advisories/CA-2002-16.html

CERT Vulnerability Note VU#137115
Yahoo! Messenger contains a buffer overflow in the URI handler
http://www.kb.cert.org/vuls/id/137115

SecuriTeam Mailing List, Security Holes & Exploits 8 Jul 2003
Yahoo Messenger Service Call Buffer Overflow Vulnerability Resurfaces
http://www.securiteam.com/exploits/5XP072AAKQ.html

ISS X-Force
Yahoo! Messenger ymsgr URI multiple buffer overflows
http://www.iss.net/security_center/static/9183.php

CVE
CVE-2002-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0031