Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:110 (gaim)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50593

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:110 (gaim)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to gaim
announced via advisory MDKSA-2004:110.

More vulnerabilities have been discovered in the gaim instant
messenger client. The vulnerabilities pertinent to version 0.75,
which is the version shipped with Mandrakelinux 10.0, are: installing
smiley themes could allow remote attackers to execute arbitrary
commands via shell metacharacters in the filename of the tar file that
is dragged to the smiley selector. There is also a buffer overflow in
the way gaim handles receiving very long URLs.

The provided packages have been patched to fix these problems. These
issues, amongst others, have been fixed upstream in version 0.82.

Affected versions: 10.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:110
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0785

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0784
http://www.fedoranews.org/updates/FEDORA-2004-278.shtml
http://www.fedoranews.org/updates/FEDORA-2004-279.shtml
http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10008
http://www.redhat.com/support/errata/RHSA-2004-400.html
XForce ISS Database: gaim-smiley-command-execution(17144)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17144
Common Vulnerability Exposure (CVE) ID: CVE-2004-0785
BugTraq ID: 11056
http://www.securityfocus.com/bid/11056
http://www.osvdb.org/9261
http://www.osvdb.org/9262
http://www.osvdb.org/9263
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10907
http://securitytracker.com/id?1011083
http://secunia.com/advisories/12383
http://secunia.com/advisories/12480
http://secunia.com/advisories/12929
http://secunia.com/advisories/13101
XForce ISS Database: gaim-hostname-bo(17142)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17142
XForce ISS Database: gaim-rtf-bo(17141)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17141
XForce ISS Database: gaim-url-bo(17143)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17143

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50593
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:110 (gaim)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gaim announced via advisory MDKSA-2004:110. More vulnerabilities have been discovered in the gaim instant messenger client. The vulnerabilities pertinent to version 0.75, which is the version shipped with Mandrakelinux 10.0, are: installing smiley themes could allow remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector. There is also a buffer overflow in the way gaim handles receiving very long URLs. The provided packages have been patched to fix these problems. These issues, amongst others, have been fixed upstream in version 0.82. Affected versions: 10.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:110 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0784 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0785 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0784 http://www.fedoranews.org/updates/FEDORA-2004-278.shtml http://www.fedoranews.org/updates/FEDORA-2004-279.shtml http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10008 http://www.redhat.com/support/errata/RHSA-2004-400.html XForce ISS Database: gaim-smiley-command-execution(17144) https://exchange.xforce.ibmcloud.com/vulnerabilities/17144 Common Vulnerability Exposure (CVE) ID: CVE-2004-0785 BugTraq ID: 11056 http://www.securityfocus.com/bid/11056 http://www.osvdb.org/9261 http://www.osvdb.org/9262 http://www.osvdb.org/9263 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10907 http://securitytracker.com/id?1011083 http://secunia.com/advisories/12383 http://secunia.com/advisories/12480 http://secunia.com/advisories/12929 http://secunia.com/advisories/13101 XForce ISS Database: gaim-hostname-bo(17142) https://exchange.xforce.ibmcloud.com/vulnerabilities/17142 XForce ISS Database: gaim-rtf-bo(17141) https://exchange.xforce.ibmcloud.com/vulnerabilities/17141 XForce ISS Database: gaim-url-bo(17143) https://exchange.xforce.ibmcloud.com/vulnerabilities/17143
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com