ID de Prueba:	1.3.6.1.4.1.25623.1.0.51079
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:045
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:045. Gaim is an instant messenger client that can handle multiple protocols. Stefan Esser audited the Gaim source code and found a number of bugs that have security implications. Many of these bugs do not affect the version of Gaim distributed with version 2.1 of Red Hat Enterprise Linux. A buffer overflow exists in the HTTP Proxy connect code. If Gaim is configured to use an HTTP proxy for connecting to a server, a malicious HTTP proxy could run arbitrary code as the user running Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0006 to this issue. An integer overflow in Gaim 0.74 and earlier, when allocating memory for a directIM packet for AIM/Oscar, results in heap overflow. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0008 to this issue. Users of Gaim should upgrade to these erratum packages, which contain a backported security patch correcting this issue. Red Hat would like to thank Steffan Esser for finding and reporting these issues and Jacques A. Vidrine for providing initial patches. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-045.html http://security.e-matters.de/advisories/012004.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0006 BugTraq ID: 9489 http://www.securityfocus.com/bid/9489 Bugtraq: 20040126 Advisory 01/2004: 12 x Gaim remote overflows (Google Search) http://marc.info/?l=bugtraq&m=107513690306318&w=2 Bugtraq: 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code (Google Search) http://marc.info/?l=bugtraq&m=107522432613022&w=2 CERT/CC vulnerability note: VU#297198 http://www.kb.cert.org/vuls/id/297198 CERT/CC vulnerability note: VU#371382 http://www.kb.cert.org/vuls/id/371382 CERT/CC vulnerability note: VU#444158 http://www.kb.cert.org/vuls/id/444158 CERT/CC vulnerability note: VU#503030 http://www.kb.cert.org/vuls/id/503030 CERT/CC vulnerability note: VU#527142 http://www.kb.cert.org/vuls/id/527142 CERT/CC vulnerability note: VU#871838 http://www.kb.cert.org/vuls/id/871838 Conectiva Linux advisory: CLA-2004:813 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813 Debian Security Information: DSA-434 (Google Search) http://www.debian.org/security/2004/dsa-434 http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html http://security.gentoo.org/glsa/glsa-200401-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:006 http://security.e-matters.de/advisories/012004.html http://www.osvdb.org/3731 http://www.osvdb.org/3732 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10222 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A818 http://www.redhat.com/support/errata/RHSA-2004-032.html http://www.redhat.com/support/errata/RHSA-2004-033.html http://www.redhat.com/support/errata/RHSA-2004-045.html http://www.securitytracker.com/id?1008850 SGI Security Advisory: 20040201-01-U ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc SGI Security Advisory: 20040202-01-U ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158 SuSE Security Announcement: SuSE-SA:2004:004 (Google Search) http://www.novell.com/linux/security/advisories/2004_04_gaim.html XForce ISS Database: gaim-http-proxy-bo(14947) https://exchange.xforce.ibmcloud.com/vulnerabilities/14947 XForce ISS Database: gaim-login-name-bo(14940) https://exchange.xforce.ibmcloud.com/vulnerabilities/14940 XForce ISS Database: gaim-login-value-bo(14941) https://exchange.xforce.ibmcloud.com/vulnerabilities/14941 XForce ISS Database: gaim-urlparser-bo(14945) https://exchange.xforce.ibmcloud.com/vulnerabilities/14945 XForce ISS Database: gaim-yahoopacketread-keyname-bo(14943) https://exchange.xforce.ibmcloud.com/vulnerabilities/14943 XForce ISS Database: gaim-yahoowebpending-cookie-bo(14939) https://exchange.xforce.ibmcloud.com/vulnerabilities/14939 Common Vulnerability Exposure (CVE) ID: CVE-2004-0008 Bugtraq: 20040127 [slackware-security] GAIM security update (SSA:2004-026-01) (Google Search) http://marc.info/?l=bugtraq&m=107522338611564&w=2 CERT/CC vulnerability note: VU#779614 http://www.kb.cert.org/vuls/id/779614 http://www.osvdb.org/3734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A820 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9469 XForce ISS Database: gaim-directim-bo(14937) https://exchange.xforce.ibmcloud.com/vulnerabilities/14937
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.