Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:639

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.54391

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:639

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:639.

The kdenetwork package contains networking applications for the K Desktop
Environment. Kopete is a KDE instant messenger which supports a number of
protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu.

Multiple integer overflow flaws were found in the way Kopete processes
Gadu-Gadu messages. A remote attacker could send a specially crafted
Gadu-Gadu message which would cause Kopete to crash or possibly execute
arbitrary code. The Common Vulnerabilities and Exposures project
assigned the name CVE-2005-1852 to this issue.

In order to be affected by this issue, a user would need to have registered
with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive
a malicious message. In addition, Red Hat believes that the Exec-shield
technology (enabled by default in Red Hat Enterprise Linux 4) would block
attempts to remotely exploit this vulnerability.

Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3.

Users of Kopete should update to these packages which contain a
patch to correct this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-639.html
http://www.kde.org/info/security/advisory-20050721-1.txt

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: BugTraq ID: 14345
Common Vulnerability Exposure (CVE) ID: CVE-2005-1852
http://www.securityfocus.com/bid/14345
Bugtraq: 20050721 Multiple vulnerabilities in libgadu and ekg package (Google Search)
http://marc.info/?l=bugtraq&m=112198499417250&w=2
http://lwn.net/Articles/144724/
http://security.gentoo.org/glsa/glsa-200507-23.xml
http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9532
http://www.redhat.com/support/errata/RHSA-2005-639.html
http://secunia.com/advisories/16140
http://secunia.com/advisories/16155
http://secunia.com/advisories/16211
http://secunia.com/advisories/16242
SuSE Security Announcement: SUSE-SR:2005:019 (Google Search)
http://www.novell.com/linux/security/advisories/2005_19_sr.html

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.54391
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:639
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:639. The kdenetwork package contains networking applications for the K Desktop Environment. Kopete is a KDE instant messenger which supports a number of protocols including ICQ, MSN, Yahoo, Jabber, and Gadu-Gadu. Multiple integer overflow flaws were found in the way Kopete processes Gadu-Gadu messages. A remote attacker could send a specially crafted Gadu-Gadu message which would cause Kopete to crash or possibly execute arbitrary code. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1852 to this issue. In order to be affected by this issue, a user would need to have registered with Gadu-Gadu and be signed in to the Gadu-Gadu server in order to receive a malicious message. In addition, Red Hat believes that the Exec-shield technology (enabled by default in Red Hat Enterprise Linux 4) would block attempts to remotely exploit this vulnerability. Note that this issue does not affect Red Hat Enterprise Linux 2.1 or 3. Users of Kopete should update to these packages which contain a patch to correct this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-639.html http://www.kde.org/info/security/advisory-20050721-1.txt Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	BugTraq ID: 14345 Common Vulnerability Exposure (CVE) ID: CVE-2005-1852 http://www.securityfocus.com/bid/14345 Bugtraq: 20050721 Multiple vulnerabilities in libgadu and ekg package (Google Search) http://marc.info/?l=bugtraq&m=112198499417250&w=2 http://lwn.net/Articles/144724/ http://security.gentoo.org/glsa/glsa-200507-23.xml http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9532 http://www.redhat.com/support/errata/RHSA-2005-639.html http://secunia.com/advisories/16140 http://secunia.com/advisories/16155 http://secunia.com/advisories/16211 http://secunia.com/advisories/16242 SuSE Security Announcement: SUSE-SR:2005:019 (Google Search) http://www.novell.com/linux/security/advisories/2005_19_sr.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com