Executive Summary
Summary | |
---|---|
Title | gaim security update |
Informations | |||
---|---|---|---|
Name | RHSA-2005:518 | First vendor Publication | 2005-06-16 |
Vendor | RedHat | Last vendor Modification | 2005-06-16 |
Severity (Vendor) | Moderate | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: An updated gaim package that fixes two denial of service issues is now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: Red Hat Enterprise Linux AS version 3 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Desktop version 3 - i386, x86_64 Red Hat Enterprise Linux ES version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 3 - i386, ia64, x86_64 Red Hat Enterprise Linux AS version 4 - i386, ia64, ppc, s390, s390x, x86_64 Red Hat Enterprise Linux Desktop version 4 - i386, x86_64 Red Hat Enterprise Linux ES version 4 - i386, ia64, x86_64 Red Hat Enterprise Linux WS version 4 - i386, ia64, x86_64 3. Problem description: The Gaim application is a multi-protocol instant messaging client. Jacopo Ottaviani discovered a bug in the way Gaim handles Yahoo! Messenger file transfers. It is possible for a malicious user to send a specially crafted file transfer request that causes Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1269 to this issue. Additionally, Hugo de Bokkenrijder discovered a bug in the way Gaim parses MSN Messenger messages. It is possible for a malicious user to send a specially crafted MSN Messenger message that causes Gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1934 to this issue. Users of gaim are advised to upgrade to this updated package, which contains version 1.3.1 and is not vulnerable to these issues. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date This will start an interactive process that will result in the appropriate RPMs being upgraded on your system. 5. Bug IDs fixed (http://bugzilla.redhat.com/): 159691 - CAN-2005-1269 Gaim yahoo utf8 crasher 159961 - CAN-2005-1934 Gaim MSN protocol DoS |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2005-518.html |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10368 | |||
Oval ID: | oval:org.mitre.oval:def:10368 | ||
Title: | Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. | ||
Description: | Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1934 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:263 | |||
Oval ID: | oval:org.mitre.oval:def:263 | ||
Title: | Gaim DoS via Malformed MSN Message | ||
Description: | Gaim before 1.3.1 allows remote attackers to cause a denial of service (crash) via a malformed MSN message that leads to a memory allocation of a large size, possibly due to an integer signedness error. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1934 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | Gaim |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:744 | |||
Oval ID: | oval:org.mitre.oval:def:744 | ||
Title: | Gaim DoS via Yahoo! Message | ||
Description: | Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1269 | Version: | 1 |
Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | Gaim |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:9544 | |||
Oval ID: | oval:org.mitre.oval:def:9544 | ||
Title: | Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. | ||
Description: | Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1269 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200506-11 (gaim) File : nvt/glsa_200506_11.nasl |
2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim14.nasl |
2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim15.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 734-1 (gaim) File : nvt/deb_734_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
17237 | Gaim Malformed MSN Message DoS gaim contains a flaw that may allow a remote denial of service. The issue is triggered when sending a malformed MSN message, which causes the application to crash resulting in a loss of availability. |
17236 | Gaim Yahoo! Module non-ASCII Filename DoS GAIM Yahoo! module contains a flaw that may allow a remote denial of service. The issue is triggered when the Yahoo module attempts to process a non-ASCII filename during a file transfer, and will result in loss of availability for the client. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-518.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-139-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-140-1.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_2701611fdf5c11d9b8750001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_b6612eeedf5f11d9b8750001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-07-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-734.nasl - Type : ACT_GATHER_INFO |
2005-06-17 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-518.nasl - Type : ACT_GATHER_INFO |
2005-06-16 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-099.nasl - Type : ACT_GATHER_INFO |
2005-06-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200506-11.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:49:28 |
|