Description:
The remote host is missing updates announced in advisory CLA-2005:949.
Gaim is a multi-protocol instant messaging (IM) client.
This announcement fixes three denial of service vulnerabilities that were encountered in Gaim.
The fixed vulnerabilities are:
CVE-2005-0965: The gaim_markup_strip_html function allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.
CVE-2005-0966: The IRC protocol plugin allowed (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.
CVE-2005-0967: Sending a Gaim Jabber user a certain invalid file transfer request triggered an out-of-bounds read which caused Gaim to crash.
For further information on Gaim's vulnerabilities, please refer to the project's security page.
Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.
http://gaim.sourceforge.net/
http://gaim.sourceforge.net/security/
http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:949
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000949
Risk factor: High
CVSS Score: 6.4