
Test ID: 1.3.6.1.4.1.25623.1.0.51334
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2004:813
Summary: Conectiva Security Advisory CLA-2004:813
Description:
The remote host is missing updates announced in
advisory CLA-2004:813.

Gaim is a multi-protocol, multi-platform instant messaging client.

Stefan Esser found[1] several remote vulnerabilities in Gaim. A
remote attacker can use specially crafted network packets to exploit
at least one of these vulnerabilities and execute arbitrary code in
the context of the user running the program or cause a denial of
service condition.

This update includes updated packages for Conectiva Linux 8 (Gaim
0.58.8) and Conectiva Linux 9 (Gaim 0.75). The vulnerabilities vary
according to the version used, but both are susceptible to remote
attacks.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the names CVE-2004-0005, CVE-2004-0006, CVE-2004-0007
and CVE-2004-0008 to the issues discovered[2,3,4,5].


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://security.e-matters.de/advisories/012004.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0005
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0008
http://www.securityspace.com/smysecure/catid.html?in=CLA-2004:813
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002004

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2004-0005
Bugtraq: 20040126 Advisory 01/2004: 12 x Gaim remote overflows (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107513690306318&w=2
http://archives.neohapsis.com/archives/fulldisclosure/2004-01/0994.html
http://security.e-matters.de/advisories/012004.html
Conectiva Linux advisory: CLA-2004:813
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000813
Debian Security Information: DSA-434 (Google Search)
http://www.debian.org/security/2004/dsa-434
http://www.linuxsecurity.com/content/view/105690/104/
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
SuSE Security Announcement: SuSE-SA:2004:004 (Google Search)
http://www.novell.com/linux/security/advisories/2004_04_gaim.html
CERT/CC vulnerability note: VU#190366
http://www.kb.cert.org/vuls/id/190366
CERT/CC vulnerability note: VU#226974
http://www.kb.cert.org/vuls/id/226974
CERT/CC vulnerability note: VU#404470
http://www.kb.cert.org/vuls/id/404470
CERT/CC vulnerability note: VU#655974
http://www.kb.cert.org/vuls/id/655974
http://www.osvdb.org/3736
http://www.securitytracker.com/id?1008850
XForce ISS Database: gaim-mime-decoder-bo(14942)
http://xforce.iss.net/xforce/xfdb/14942
XForce ISS Database: gaim-mime-decoder-oob(14944)
http://xforce.iss.net/xforce/xfdb/14944
XForce ISS Database: gaim-yahoodecode-offbyone-bo(14935)
http://xforce.iss.net/xforce/xfdb/14935
XForce ISS Database: gaim-sscanf-oob(14938)
http://xforce.iss.net/xforce/xfdb/14938
Common Vulnerability Exposure (CVE) ID: CVE-2004-0006
Bugtraq: 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107522432613022&w=2
http://www.redhat.com/support/errata/RHSA-2004-032.html
http://www.redhat.com/support/errata/RHSA-2004-033.html
http://www.redhat.com/support/errata/RHSA-2004-045.html
http://www.mandriva.com/security/advisories?name=MDKSA-2004:006
SGI Security Advisory: 20040202-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040202-01-U.asc
SGI Security Advisory: 20040201-01-U
ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
http://security.gentoo.org/glsa/glsa-200401-04.xml
CERT/CC vulnerability note: VU#297198
http://www.kb.cert.org/vuls/id/297198
CERT/CC vulnerability note: VU#371382
http://www.kb.cert.org/vuls/id/371382
CERT/CC vulnerability note: VU#444158
http://www.kb.cert.org/vuls/id/444158
CERT/CC vulnerability note: VU#503030
http://www.kb.cert.org/vuls/id/503030
CERT/CC vulnerability note: VU#527142
http://www.kb.cert.org/vuls/id/527142
CERT/CC vulnerability note: VU#871838
http://www.kb.cert.org/vuls/id/871838
BugTraq ID: 9489
http://www.securityfocus.com/bid/9489
http://www.osvdb.org/3731
http://www.osvdb.org/3732
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:818
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10222
XForce ISS Database: gaim-http-proxy-bo(14947)
http://xforce.iss.net/xforce/xfdb/14947
XForce ISS Database: gaim-login-name-bo(14940)
http://xforce.iss.net/xforce/xfdb/14940
XForce ISS Database: gaim-login-value-bo(14941)
http://xforce.iss.net/xforce/xfdb/14941
XForce ISS Database: gaim-urlparser-bo(14945)
http://xforce.iss.net/xforce/xfdb/14945
XForce ISS Database: gaim-yahoopacketread-keyname-bo(14943)
http://xforce.iss.net/xforce/xfdb/14943
XForce ISS Database: gaim-yahoowebpending-cookie-bo(14939)
http://xforce.iss.net/xforce/xfdb/14939
Common Vulnerability Exposure (CVE) ID: CVE-2004-0007
http://www.securityfocus.com/advisories/6281
CERT/CC vulnerability note: VU#197142
http://www.kb.cert.org/vuls/id/197142
http://www.osvdb.org/3733
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:819
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9906
XForce ISS Database: gaim-extractinfo-bo(14946)
http://xforce.iss.net/xforce/xfdb/14946
Common Vulnerability Exposure (CVE) ID: CVE-2004-0008
Bugtraq: 20040127 [slackware-security] GAIM security update (SSA:2004-026-01) (Google Search)
http://marc.theaimsgroup.com/?l=bugtraq&m=107522338611564&w=2
CERT/CC vulnerability note: VU#779614
http://www.kb.cert.org/vuls/id/779614
http://www.osvdb.org/3734
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:820
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9469
XForce ISS Database: gaim-directim-bo(14937)
http://xforce.iss.net/xforce/xfdb/14937
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
