Test ID: 1.3.6.1.4.1.25623.1.0.52688
Category: Ubuntu Local Security Checks
Title: Ubuntu USN-125-1 (gaim)
Summary: NOSUMMARY
Description:

The remote host is missing an update to gaim
announced via advisory USN-125-1.

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected: gaim gaim-data

Marco Alvarez found a Denial of Service vulnerability in the Jabber
protocol handler. A remote attacker could exploit this to crash Gaim
by sending specially crafted file transfers to the user.
(CVE-2005-0967)

Stu Tomlinson discovered an insufficient bounds checking flaw in the
URL parser. By sending a message containing a very long URL, a remote
attacker could crash Gaim or execute arbitrary code with the
privileges of the user. This was not possible on all protocols, due to
message length restrictions. Jabber and SILC were known to be
vulnerable. (CVE-2005-1261)

Siebe Tolsma discovered a Denial of Service attack in the MSN handler.
By sending a specially crafted SLP message with an empty body, a
remote attacker could crash Gaim. (CVE-2005-1262)

Solution:
The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.4 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.1
(for Ubuntu 5.04). After a standard system upgrade you have to restart
Gaim to effect the necessary changes.

http://www.securityspace.com/smysecure/catid.html?in=USN-125-1

Risk factor : High

CVSS Score:
7.5

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0967
1013645
http://securitytracker.com/id?1013645
13004
http://www.securityfocus.com/bid/13004
14815
http://secunia.com/advisories/14815
FLSA:158543
http://www.securityfocus.com/archive/1/426078/100/0/threaded
MDKSA-2005:071
http://www.mandriva.com/security/advisories?name=MDKSA-2005:071
RHSA-2005:365
http://www.redhat.com/support/errata/RHSA-2005-365.html
SUSE-SA:2005:036
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
http://gaim.sourceforge.net/security/?id=15
http://sourceforge.net/tracker/?func=detail&aid=1172115&group_id=235&atid=100235
oval:org.mitre.oval:def:9657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9657
Common Vulnerability Exposure (CVE) ID: CVE-2005-1261
13590
http://www.securityfocus.com/bid/13590
ADV-2005-0519
http://www.vupen.com/english/advisories/2005/0519
RHSA-2005:429
http://www.redhat.com/support/errata/RHSA-2005-429.html
RHSA-2005:432
http://www.redhat.com/support/errata/RHSA-2005-432.html
http://gaim.sourceforge.net/security/index.php?id=16
oval:org.mitre.oval:def:10725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10725
Common Vulnerability Exposure (CVE) ID: CVE-2005-1262
13591
http://www.securityfocus.com/bid/13591
http://gaim.sourceforge.net/security/index.php?id=17
oval:org.mitre.oval:def:10861
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10861
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
