Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:604

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51155

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:604

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:604.

The gaim application is a multi-protocol instant messaging client.

A buffer overflow has been discovered in the MSN protocol handler. When
receiving unexpected sequence of MSNSLP messages, it is possible that an
attacker could cause an internal buffer overflow, leading to a crash or
possible code execution. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-0891 to this issue.

This updated gaim package also fixes multiple user interface, protocol, and
error handling problems, including an ICQ communication encoding issue.

Additionally, these updated packages have compiled gaim as a PIE (position
independent executable) for added protection against future security
vulnerabilities.

All users of gaim should upgrade to this updated package, which includes
various bug fixes, as well as a backported security patch.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-604.html

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0891
https://bugzilla.fedora.us/show_bug.cgi?id=2188
http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790
http://www.redhat.com/support/errata/RHSA-2004-604.html
https://www.ubuntu.com/usn/usn-8-1/
XForce ISS Database: gaim-file-transfer-dos(17790)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17790
XForce ISS Database: gaim-msn-slp-bo(17786)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17786
XForce ISS Database: gaim-msn-slp-dos(17787)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17787

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51155
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:604
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:604. The gaim application is a multi-protocol instant messaging client. A buffer overflow has been discovered in the MSN protocol handler. When receiving unexpected sequence of MSNSLP messages, it is possible that an attacker could cause an internal buffer overflow, leading to a crash or possible code execution. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0891 to this issue. This updated gaim package also fixes multiple user interface, protocol, and error handling problems, including an ICQ communication encoding issue. Additionally, these updated packages have compiled gaim as a PIE (position independent executable) for added protection against future security vulnerabilities. All users of gaim should upgrade to this updated package, which includes various bug fixes, as well as a backported security patch. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-604.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0891 https://bugzilla.fedora.us/show_bug.cgi?id=2188 http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790 http://www.redhat.com/support/errata/RHSA-2004-604.html https://www.ubuntu.com/usn/usn-8-1/ XForce ISS Database: gaim-file-transfer-dos(17790) https://exchange.xforce.ibmcloud.com/vulnerabilities/17790 XForce ISS Database: gaim-msn-slp-bo(17786) https://exchange.xforce.ibmcloud.com/vulnerabilities/17786 XForce ISS Database: gaim-msn-slp-dos(17787) https://exchange.xforce.ibmcloud.com/vulnerabilities/17787
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com