English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.51377
Kategorie:Conectiva Local Security Checks
Titel:Conectiva Security Advisory CLA-2004:884
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory CLA-2004:884.

Gaim[1] is a multi-protocol instant messaging (IM) client.

This announcement fixes several denial of service and buffer overflow
vulnerabilities that were encountered in Gaim.

The fixed vulnerabilities are:

CVE-2004-0500[2]: Buffer overflow in the MSN protocol plugins
object.c and slp.c allows remote attackers to cause a denial of
service and possibly execute arbitrary code via MSNSLP protocol
messages that are not properly handled in a strncpy call.

CVE-2004-0754[3]: Integer overflow in Gaim allows remote attackers to
cause a denial of service and possibly execute arbitrary code via the
size variable in Groupware server messages.

CVE-2004-0784[4]: The smiley theme functionality in Gaim allows
remote attackers to execute arbitrary commands via shell
metacharacters in the filename of the tar file that is dragged to the
smiley selector.

CVE-2004-0785[5]: Multiple buffer overflows in Gaim allow remote
attackers to cause a denial of service and possibly execute arbitrary
code via Rich Text Format (RTF) messages, a long hostname for the
local system as obtained from DNS, or a long URL that is not properly
handled by the URL decoder.

For further informations on Gaim's vulnerabilities, please refer to
the project's security page[6].


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://gaim.sourceforge.net/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0785
http://gaim.sourceforge.net/security/
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:884
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High

CVSS Score:
7.5

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2004-0500
BugTraq ID: 10865
http://www.securityfocus.com/bid/10865
http://www.fedoranews.org/updates/FEDORA-2004-278.shtml
http://www.fedoranews.org/updates/FEDORA-2004-279.shtml
http://www.gentoo.org/security/en/glsa/glsa-200408-12.xml
http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9429
http://www.redhat.com/support/errata/RHSA-2004-400.html
SuSE Security Announcement: SUSE-SA:2004:025 (Google Search)
http://www.novell.com/linux/security/advisories/2004_25_gaim.html
XForce ISS Database: gaim-msn-bo(16920)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16920
Common Vulnerability Exposure (CVE) ID: CVE-2004-0754
BugTraq ID: 11056
http://www.securityfocus.com/bid/11056
http://www.osvdb.org/9260
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10220
http://securitytracker.com/id?1011083
http://secunia.com/advisories/12383
http://secunia.com/advisories/12480
http://secunia.com/advisories/13101
XForce ISS Database: gaim-groupware-integer-overflow(17140)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17140
Common Vulnerability Exposure (CVE) ID: CVE-2004-0784
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10008
XForce ISS Database: gaim-smiley-command-execution(17144)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17144
Common Vulnerability Exposure (CVE) ID: CVE-2004-0785
http://www.osvdb.org/9261
http://www.osvdb.org/9262
http://www.osvdb.org/9263
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10907
http://secunia.com/advisories/12929
XForce ISS Database: gaim-hostname-bo(17142)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17142
XForce ISS Database: gaim-rtf-bo(17141)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17141
XForce ISS Database: gaim-url-bo(17143)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17143
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.