
Test ID: 1.3.6.1.4.1.25623.1.0.51832
Category: Red Hat Local Security Checks
Title: RedHat Security Advisory RHSA-2005:215
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory RHSA-2005:215.

The Gaim application is a multi-protocol instant messaging client.

Two HTML parsing bugs were discovered in Gaim. It is possible that a remote
attacker could send a specially crafted message to a Gaim client, causing
it to crash. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the names CVE-2005-0208 and CVE-2005-0473 to
these issues.

A bug in the way Gaim processes SNAC packets was discovered. It is
possible that a remote attacker could send a specially crafted SNAC packet
to a Gaim client, causing the client to stop responding. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0472 to this issue.

Additionally, various client crashes, memory leaks, and protocol issues
have been resolved.

Users of Gaim are advised to upgrade to this updated package which contains
Gaim version 1.1.4 and is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-215.html
http://gaim.sourceforge.net/security/index.php?id=10
http://gaim.sourceforge.net/security/index.php?id=11
http://gaim.sourceforge.net/security/index.php?id=12

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2005-0208
BugTraq ID: 12660
http://www.securityfocus.com/bid/12660
Bugtraq: 20050225 [USN-85-1] Gaim vulnerabilities
http://marc.info/?l=bugtraq&m=110935655500670&w=2
CERT/CC vulnerability note: VU#795812
http://www.kb.cert.org/vuls/id/795812
Conectiva Linux advisory: CLA-2005:933
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933
http://www.securityfocus.com/archive/1/426078/100/0/threaded
http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:049
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10477
http://www.redhat.com/support/errata/RHSA-2005-215.html
http://secunia.com/advisories/14386
SuSE Security Announcement: SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-0472
BugTraq ID: 12589
http://www.securityfocus.com/bid/12589
CERT/CC vulnerability note: VU#839280
http://www.kb.cert.org/vuls/id/839280
Debian Security Information: DSA-716
http://www.debian.org/security/2005/dsa-716
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10433
http://www.redhat.com/support/errata/RHSA-2005-432.html
http://secunia.com/advisories/14322
XForce ISS Database: gaim-snac-dos(19380)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19380
Common Vulnerability Exposure (CVE) ID: CVE-2005-0473
CERT/CC vulnerability note: VU#523888
http://www.kb.cert.org/vuls/id/523888
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10212
XForce ISS Database: gaim-html-dos(19381)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19381
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2021 E-Soft Inc. All rights reserved.