Test ID: 1.3.6.1.4.1.25623.1.0.71258
Category: Debian Local Security Checks
Title: Debian: Security Advisory (DSA-2453-1)
Summary: The remote host is missing an update for the Debian 'gajim' package(s) announced via the DSA-2453-1 advisory.

Description:

Vulnerability Insight: Several vulnerabilities have been discovered in Gajim, a feature-rich Jabber client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2012-2085 (given as CVE-2012-1987 in the advisory text; the cross-references below use CVE-2012-2085): Gajim does not properly sanitize input before passing it to shell commands. An attacker can use this flaw to execute arbitrary code with the privileges of the victim, for example if the user clicks on a specially crafted URL in an instant message.

CVE-2012-2093: Gajim uses predictable temporary file names in an insecure manner when converting instant messages containing LaTeX to images. A local attacker can use this flaw to conduct symlink attacks and overwrite any file the victim has write access to.

CVE-2012-2086: Gajim does not properly sanitize input when logging conversations, which makes SQL injection attacks against the conversation log database possible.

For the stable distribution (squeeze), these problems have been fixed in version 0.13.4-3+squeeze3.
For the testing distribution (wheezy), these problems have been fixed in version 0.15-1.
For the unstable distribution (sid), these problems have been fixed in version 0.15-1.

We recommend that you upgrade your gajim packages.

Affected Software/OS: 'gajim' package(s) on Debian 6.
Solution: Please install the updated package(s).
CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:

CVE-2012-2085
  Secunia 48708: http://secunia.com/advisories/48708
  Secunia 48794: http://secunia.com/advisories/48794
  SecurityFocus BID 52943: http://www.securityfocus.com/bid/52943
  GLSA-201208-04: http://security.gentoo.org/glsa/glsa-201208-04.xml
  [oss-security] 20120408 CVE request: gajim - code execution and sql injection: http://www.openwall.com/lists/oss-security/2012/04/08/1
  [oss-security] 20120408 Re: CVE request: gajim - code execution and sql injection: http://www.openwall.com/lists/oss-security/2012/04/08/2
  https://trac.gajim.org/changeset/bc296e96ac10
  https://trac.gajim.org/ticket/7031

CVE-2012-2086
  https://trac.gajim.org/changeset/988e38ce0e0c
  https://trac.gajim.org/ticket/7034

CVE-2012-2093
  Secunia 48695: http://secunia.com/advisories/48695
  SecurityFocus BID 53017: http://www.securityfocus.com/bid/53017
  FEDORA-2012-6001: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079237.html
  FEDORA-2012-6061: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079241.html
  FEDORA-2012-6161: http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079169.html
  [oss-security] 20120410 gajim insecure file creation when using latex: http://www.openwall.com/lists/oss-security/2012/04/10/6
  [oss-security] 20120410 RE: gajim insecure file creation when using latex: http://www.openwall.com/lists/oss-security/2012/04/10/15
  X-Force gajim-gettmpfilename-symlink(74869): https://exchange.xforce.ibmcloud.com/vulnerabilities/74869
  http://hg.gajim.org/gajim/rev/f046e4aaf7d4
  https://trac.gajim.org/changeset/13759/src/common/latex.py
Copyright: Copyright (C) 2012 Greenbone AG
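The three bug classes named in the advisory (shell command built from an untrusted URL, predictable temporary file name, SQL statement built by string splicing) are easy to confuse with each other in a code review, so the following added example shows each one as a vulnerable function next to its hardened form. This is illustration code written for this page, not Gajim's source or the fixes referenced above; the `logs` table, the file name `gajim_latex.tex`, the use of `echo` as a stand-in browser, `executescript` as a stand-in for a multi-statement driver, and the payload strings are all constructed assumptions.

```python
"""Vulnerable/hardened pairs for the DSA-2453-1 bug classes (added example)."""
import os
import sqlite3
import subprocess
import tempfile
import urllib.parse

# --- CVE-2012-2085: unsanitised input reaching a shell command --------------

def open_url_vulnerable(url, opener="echo"):
    """Hands a user-supplied URL to the shell inside a command string.
    'echo' stands in for the browser so the demo is harmless; a ';' in the
    URL ends the intended command and starts the attacker's."""
    out = subprocess.run(f"{opener} {url}", shell=True,
                         capture_output=True, text=True, check=True)
    return out.stdout.splitlines()

def open_url_hardened(url, opener="echo"):
    """Allow-list the scheme, then pass the URL as a single argv element so
    no shell ever parses it."""
    if urllib.parse.urlsplit(url).scheme not in ("http", "https", "xmpp"):
        raise ValueError("refusing to open URL with unexpected scheme")
    out = subprocess.run([opener, url], capture_output=True, text=True, check=True)
    return out.stdout.splitlines()

# --- CVE-2012-2093: predictable temporary file name (symlink attack) --------

def render_latex_vulnerable(tmpdir, tex_source):
    """Writes the snippet to a fixed, guessable path. If a local attacker has
    planted a symlink there, open() follows it and the target is overwritten."""
    path = os.path.join(tmpdir, "gajim_latex.tex")   # constructed name
    with open(path, "w") as f:
        f.write(tex_source)
    return path

def render_latex_hardened(tmpdir, tex_source):
    """mkstemp picks an unpredictable name and creates it with O_CREAT|O_EXCL,
    so a pre-planted symlink is never followed; we write via the returned fd."""
    fd, path = tempfile.mkstemp(prefix="gajim_latex_", suffix=".tex", dir=tmpdir)
    with os.fdopen(fd, "w") as f:
        f.write(tex_source)
    return path

def symlink_attack_demo(use_hardened):
    """Attacker side of the race: plant a symlink at the predictable name
    pointing at a victim-owned file, then let the client render.
    Returns the victim file's content afterwards."""
    with tempfile.TemporaryDirectory() as tmpdir:
        victim = os.path.join(tmpdir, "victim_file")
        with open(victim, "w") as f:
            f.write("original\n")
        os.symlink(victim, os.path.join(tmpdir, "gajim_latex.tex"))
        render = render_latex_hardened if use_hardened else render_latex_vulnerable
        render(tmpdir, "\\[ x^2 \\]")
        with open(victim) as f:
            return f.read()

# --- CVE-2012-2086: SQL injection when logging a conversation ----------------

SQLI_PAYLOAD = "hi'); DELETE FROM logs; --"   # constructed instant message

def fresh_log_db():
    """In-memory stand-in for the client's conversation log."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logs (jid TEXT, message TEXT)")
    db.execute("INSERT INTO logs VALUES ('alice@example.invalid', 'earlier')")
    return db

def log_message_vulnerable(db, jid, message):
    """Splices the message into the statement text. executescript stands in
    for a driver that accepts several statements, so a closing quote followed
    by ';' runs attacker-chosen SQL. Returns the row count afterwards."""
    db.executescript(
        f"INSERT INTO logs (jid, message) VALUES ('{jid}', '{message}')")
    return db.execute("SELECT COUNT(*) FROM logs").fetchone()[0]

def log_message_hardened(db, jid, message):
    """Parameterised statement: the message is bound as data, never parsed."""
    db.execute("INSERT INTO logs (jid, message) VALUES (?, ?)", (jid, message))
    return db.execute("SELECT COUNT(*) FROM logs").fetchone()[0]

def stored_message(db, jid):
    return db.execute("SELECT message FROM logs WHERE jid = ?", (jid,)).fetchone()[0]
```

Run the pairs side by side: the vulnerable URL opener produces a second output line `INJECTED` from the smuggled command, the vulnerable renderer replaces the victim file's content with the LaTeX source while the hardened one leaves it as `original`, and the vulnerable logger ends with an empty table while the hardened one stores the payload verbatim as a message.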