Test ID:	1.3.6.1.4.1.25623.1.0.52073
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:071 (gaim)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gaim announced via advisory MDKSA-2005:071. More vulnerabilities have been discovered in the gaim instant messaging client: A buffer overflow vulnerability was found in the way that gaim escapes HTML, allowing a remote attacker to send a specially crafted message to a gaim client and causing it to crash (CVE-2005-0965). A bug was discovered in several of gaim's IRC processing functions that fail to properly remove various markup tags within an IRC message. This could allow a remote attacker to send specially crafted message to a gaim client connected to an IRC server, causing it to crash (CVE-2005-0966). Finally, a problem was found in gaim's Jabber message parser that would allow a remote Jabber user to send a specially crafted message to a gaim client, bausing it to crash (CVE-2005-0967). Gaim version 1.2.1 is not vulnerable to these issues and is provided with this update. Affected versions: 10.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:071 Risk factor : High CVSS Score: 6.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0965 12999 http://www.securityfocus.com/bid/12999 14815 http://secunia.com/advisories/14815 20050401 multiple remote denial of service vulnerabilities in Gaim http://marc.info/?l=bugtraq&m=111238715307356&w=2 FLSA:158543 http://www.securityfocus.com/archive/1/426078/100/0/threaded MDKSA-2005:071 http://www.mandriva.com/security/advisories?name=MDKSA-2005:071 RHSA-2005:365 http://www.redhat.com/support/errata/RHSA-2005-365.html SUSE-SA:2005:036 http://www.novell.com/linux/security/advisories/2005_36_sudo.html http://gaim.sourceforge.net/security/index.php?id=13 oval:org.mitre.oval:def:11292 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11292 Common Vulnerability Exposure (CVE) ID: CVE-2005-0966 13003 http://www.securityfocus.com/bid/13003 gaim-irc-plugin-bo(19937) https://exchange.xforce.ibmcloud.com/vulnerabilities/19937 gaim-ircmsginvite-dos(19939) https://exchange.xforce.ibmcloud.com/vulnerabilities/19939 http://gaim.sourceforge.net/security/index.php?id=14 http://sourceforge.net/project/shownotes.php?group_id=235&release_id=317750 oval:org.mitre.oval:def:9185 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9185 Common Vulnerability Exposure (CVE) ID: CVE-2005-0967 1013645 http://securitytracker.com/id?1013645 13004 http://www.securityfocus.com/bid/13004 http://gaim.sourceforge.net/security/?id=15 http://sourceforge.net/tracker/?func=detail&aid=1172115&group_id=235&atid=100235 oval:org.mitre.oval:def:9657 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9657
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.