ID de Prueba:	1.3.6.1.4.1.25623.1.0.55315
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLSA-2005:1006
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLSA-2005:1006. This announcement fixes many vulnerabilities that were encountered in Gaim. These vulnerabilities are: CVE-2005-1269 Gaim allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. CVE-2005-1934 Gaim allows remote attackers to cause a denial of service (application crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. CVE-2005-2370 Multiple 'memory alignment errors' in libgadu allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. CVE-2005-2102 The AIM/ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters. CVE-2005-2103 Buffer overflow in the AIM and ICQ module in Gaim allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n. For further informations on Gaim's vulnerabilities, please refer to the project's security page. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001006 http://gaim.sourceforge.net/ http://gaim.sourceforge.net/security/ Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1269 13931 http://www.securityfocus.com/bid/13931 DSA-734 http://www.debian.org/security/2005/dsa-734 FLSA:158543 http://www.securityfocus.com/archive/1/426078/100/0/threaded GLSA-200506-11 http://security.gentoo.org/glsa/glsa-200506-11.xml MDKSA-2005:099 http://www.mandriva.com/security/advisories?name=MDKSA-2005:099 RHSA-2005:518 http://www.redhat.com/support/errata/RHSA-2005-518.html SUSE-SA:2005:036 http://www.novell.com/linux/security/advisories/2005_36_sudo.html USN-139-1 https://usn.ubuntu.com/139-1/ http://gaim.sourceforge.net/security/?id=18 oval:org.mitre.oval:def:744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A744 oval:org.mitre.oval:def:9544 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9544 Common Vulnerability Exposure (CVE) ID: CVE-2005-1934 13932 http://www.securityfocus.com/bid/13932 http://sourceforge.net/tracker/index.php?func=detail&aid=1205290&group_id=235&atid=100235 oval:org.mitre.oval:def:10368 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10368 oval:org.mitre.oval:def:263 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A263 Common Vulnerability Exposure (CVE) ID: CVE-2005-2370 BugTraq ID: 24600 http://www.securityfocus.com/bid/24600 Bugtraq: 20050721 Multiple vulnerabilities in libgadu and ekg package (Google Search) http://marc.info/?l=bugtraq&m=112198499417250&w=2 Debian Security Information: DSA-1318 (Google Search) http://www.debian.org/security/2007/dsa-1318 Debian Security Information: DSA-813 (Google Search) http://www.debian.org/security/2005/dsa-813 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10456 http://www.redhat.com/support/errata/RHSA-2005-627.html http://secunia.com/advisories/16265 Common Vulnerability Exposure (CVE) ID: CVE-2005-2102 14531 http://www.securityfocus.com/bid/14531 RHSA-2005:627 SUSE-SR:2005:019 http://www.novell.com/linux/security/advisories/2005_19_sr.html USN-168-1 https://usn.ubuntu.com/168-1/ http://gaim.sourceforge.net/security/?id=21 oval:org.mitre.oval:def:9283 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9283 Common Vulnerability Exposure (CVE) ID: CVE-2005-2103 RHSA-2005:589 http://www.redhat.com/support/errata/RHSA-2005-589.html http://gaim.sourceforge.net/security/?id=22 oval:org.mitre.oval:def:11477 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11477
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.