Yahoo! Messenger ymsgr URI multiple buffer overflows (YahooMSG_URL_Handler_Overflow)

About this signature or vulnerability

IBM Security Host Protection for Servers (Unix), IBM Security Host Protection for Desktops, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia Network MFS, Proventia Network IDS, Proventia-G 1.1 and earlier, Proventia Network IPS:

This signature detects Yahoo! Messaging overflows in the following types: 'ymsgr:addview?', 'ymsgr:call?', 'ymsgr:sendim?', 'ymsgr:addfriend?', 'ymsgr:chat?', and 'ymsgr:getimv?'.

This signature looks for Yahoo Messaging overflows in the following types: 'ymsgr:addview?', 'ymsgr:call?', 'ymsgr:sendim?', and 'ymsgr:addfriend?'


Default risk level

High risk vulnerability  High

Sensors that have this signature

IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Host Protection for Desktops: 8.0.614.1, Virtual Server Protection for Vmware: 1.0, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 1.0, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, IBM Security Host Protection for Servers (Windows): 1.0.914.0, RealSecure Server Sensor: 7.0, Proventia Network MFS: 1.0, Proventia Network IDS: A Series, Proventia-G 1.1 and earlier: G Series, Proventia Network IPS: 2.0

Systems affected

Yahoo Messenger: 5.0

Type

Unauthorized Access Attempt

Vulnerability description

Yahoo! Messenger is vulnerable to multiple buffer overflows, caused by improper bounds checking of ymsgr URI arguments. By sending an overly long ymsgr call, sendim, getimv, chat, addview, or addfriend argument, a remote attacker could overflow a buffer and execute arbitrary code on the system.

How to remove this vulnerability

Upgrade to the latest version of Yahoo! Messenger (5.0 Build 1065 or later), available from the Yahoo! Messenger Web site. See References.

References

BugTraq Mailing List, Mon May 27 2002 - 10:20:54 CDT
Yahoo Messenger - Multiple Vulnerabilities
http://archives.neohapsis.com/archives/bugtraq/2002-05/0228.html

Yahoo! Messenger Web site
Download Yahoo! Messenger
http://messenger.yahoo.com/messenger/download/index.html

CERT Advisory CA-2002-16
Multiple Vulnerabilities in Yahoo! Messenger
http://www.cert.org/advisories/CA-2002-16.html

CERT Vulnerability Note VU#137115
Yahoo! Messenger contains a buffer overflow in the URI handler
http://www.kb.cert.org/vuls/id/137115

SecuriTeam Mailing List, Security Holes & Exploits 8 Jul 2003
Yahoo Messenger Service Call Buffer Overflow Vulnerability Resurfaces
http://www.securiteam.com/exploits/5XP072AAKQ.html

ISS X-Force
Yahoo! Messenger ymsgr URI multiple buffer overflows
http://www.iss.net/security_center/static/9183.php

CVE
CVE-2002-0031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0031