Test ID: 1.3.6.1.4.1.25623.1.0.50646
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2004:006-1 (gaim)
Summary: Mandrake Security Advisory MDKSA-2004:006-1 (gaim)
Description:
The remote host is missing an update to gaim
announced via advisory MDKSA-2004:006-1.

A number of vulnerabilities were discovered by Stefan Esser in the
gaim instant messenger program, versions 0.75 and earlier.
Thanks to Jacques A. Vidrine for providing initial patches.

Multiple buffer overflows exist in gaim 0.75 and earlier: when
parsing cookies in a Yahoo web connection; YMSG protocol overflows
parsing the Yahoo login webpage; a YMSG packet overflow; flaws in
the URL parser; and flaws in the HTTP Proxy connect (CAN-2004-0006).

A buffer overflow in gaim 0.74 and earlier in the Extract Info Field
Function used for MSN and YMSG protocol handlers (CAN-2004-0007).

An integer overflow in gaim 0.74 and earlier, when allocating memory
for a directIM packet, results in a heap overflow (CVE-2004-0008).

Update:

The patch used to correct the problem was slightly malformed and
could cause an infinite loop and crash with the Yahoo protocol.
The new packages have a corrected patch that resolves the problem.

Affected versions: 9.1, 9.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:006-1
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0008

Risk factor: High

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2004-0008
Bugtraq: 20040126 Advisory 01/2004: 12 x Gaim remote overflows
http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
http://security.e-matters.de/advisories/012004.html
Bugtraq: 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
http://www.redhat.com/support/errata/RHSA-2004-032.html
http://www.redhat.com/support/errata/RHSA-2004-033.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
Debian Security Information: DSA-434
http://www.debian.org/security/2004/dsa-434
http://www.redhat.com/support/errata/RHSA-2004-045.html
Conectiva Linux advisory: CLA-2004:813
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
SGI Security Advisory: 20040201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Bugtraq: 20040127 [slackware-security] GAIM security update (SSA:2004-026-01)
http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
http://security.gentoo.org/glsa/glsa-200401-04.xml
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
CERT/CC vulnerability note: VU#779614
http://www.kb.cert.org/vuls/id/779614
http://www.osvdb.org/3734
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:820
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9469
http://www.securitytracker.com/id?1008850
XForce ISS Database: gaim-directim-bo(14937)
http://xforce.iss.net/xforce/xfdb/14937
Common Vulnerability Exposure (CVE) ID: CVE-2004-0006
SuSE Security Announcement: SuSE-SA:2004:004
http://www.novell.com/linux/security/advisories/2004_04_gaim.html
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
CERT/CC vulnerability note: VU#297198
http://www.kb.cert.org/vuls/id/297198
CERT/CC vulnerability note: VU#371382
http://www.kb.cert.org/vuls/id/371382
CERT/CC vulnerability note: VU#444158
http://www.kb.cert.org/vuls/id/444158
CERT/CC vulnerability note: VU#503030
http://www.kb.cert.org/vuls/id/503030
CERT/CC vulnerability note: VU#527142
http://www.kb.cert.org/vuls/id/527142
CERT/CC vulnerability note: VU#871838
http://www.kb.cert.org/vuls/id/871838
BugTraq ID: 9489
http://www.securityfocus.com/bid/9489
http://www.osvdb.org/3731
http://www.osvdb.org/3732
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:818
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10222
XForce ISS Database: gaim-http-proxy-bo(14947)
http://xforce.iss.net/xforce/xfdb/14947
XForce ISS Database: gaim-login-name-bo(14940)
http://xforce.iss.net/xforce/xfdb/14940
XForce ISS Database: gaim-login-value-bo(14941)
http://xforce.iss.net/xforce/xfdb/14941
XForce ISS Database: gaim-urlparser-bo(14945)
http://xforce.iss.net/xforce/xfdb/14945
XForce ISS Database: gaim-yahoopacketread-keyname-bo(14943)
http://xforce.iss.net/xforce/xfdb/14943
XForce ISS Database: gaim-yahoowebpending-cookie-bo(14939)
http://xforce.iss.net/xforce/xfdb/14939
Common Vulnerability Exposure (CVE) ID: CVE-2004-0007
http://www.securityfocus.com/advisories/6281
CERT/CC vulnerability note: VU#197142
http://www.kb.cert.org/vuls/id/197142
http://www.osvdb.org/3733
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:819
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9906
XForce ISS Database: gaim-extractinfo-bo(14946)
http://xforce.iss.net/xforce/xfdb/14946
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
