| Description: | Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.
Vulnerability Insight:
The following packages are affected:
gaim, ja-gaim, ko-gaim, ru-gaim, kdenetwork, pl-ekg, centericq, pl-gnugadu
CVE-2005-1850
Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier
create temporary files insecurely, with unknown impact and attack
vectors, a different vulnerability than CVE-2005-1916.
CVE-2005-1851
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier
allows attackers to execute shell commands via unknown attack vectors.
CVE-2005-1852
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3
to 3.4.1, ekg before 1.6rc3, and other packages, allows remote
attackers to cause a denial of service (crash) and possibly execute
arbitrary code via an incoming message.
CVE-2005-2369
Multiple integer signedness errors in libgadu, as used in ekg before
1.6rc2 and other packages, may allow remote attackers to cause a
denial of service or execute arbitrary code.
CVE-2005-2370
Multiple 'memory alignment errors' in libgadu, as used in ekg before
1.6rc2 and other packages, allows remote attackers to cause a denial
of service (bus error) on certain architectures such as SPARC via an
incoming message.
CVE-2005-2448
Multiple 'endianness errors' in libgadu in ekg before 1.6rc2 allow
remote attackers to cause a denial of service (invalid behaviour in
applications) on big-endian systems.
Solution:
Update your system with the appropriate patches or
software upgrades.
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
