Executive Summary
| Summary | |
|---|---|
| Title | Gaim vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-125-1 | First vendor Publication | 2005-05-12 |
| Vendor | Ubuntu | Last vendor Modification | 2005-05-12 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 7.5 | Attack Range | Network |
| Cvss Impact Score | 6.4 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 4.10 (Warty Warthog) Ubuntu 5.04 (Hoary Hedgehog) The following packages are affected: gaim gaim-data The problem can be corrected by upgrading the affected package to version 1:1.0.0-1ubuntu1.4 (for Ubuntu 4.10), or 1:1.1.4-1ubuntu4.1 (for Ubuntu 5.04). After a standard system upgrade you have to restart Gaim to effect the necessary changes. Details follow: Marco Alvarez found a Denial of Service vulnerability in the Jabber protocol handler. A remote attacker could exploit this to crash Gaim by sending specially crafted file transfers to the user. (CAN-2005-0967) Stu Tomlinson discovered an insufficient bounds checking flaw in the URL parser. By sending a message containing a very long URL, a remote attacker could crash Gaim or execute arbitrary code with the privileges of the user. This was not possible on all protocols, due to message length restrictions. Jabber are SILC were known to be vulnerable. (CAN-2005-1261) Siebe Tolsma discovered a Denial of Service attack in the MSN handler. By sending a specially crafted SLP message with an empty body, a remote attacker could crash Gaim. (CAN-2005-1262) |
Original Source
| Url : http://www.ubuntu.com/usn/USN-125-1 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10725 | |||
| Oval ID: | oval:org.mitre.oval:def:10725 | ||
| Title: | Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. | ||
| Description: | Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-1261 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:10861 | |||
| Oval ID: | oval:org.mitre.oval:def:10861 | ||
| Title: | Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. | ||
| Description: | Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-1262 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:9657 | |||
| Oval ID: | oval:org.mitre.oval:def:9657 | ||
| Title: | Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read. | ||
| Description: | Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2005-0967 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200504-05 (Gaim) File : nvt/glsa_200504_05.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200505-09 (gaim) File : nvt/glsa_200505_09.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim12.nasl |
| 2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim13.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 16348 | Gaim Malformed MSN Message Remote DoS Gaim contains a flaw that may allow a remote denial of service. The issue is triggered when a client sends an SLP message with an empty body, and will result in loss of availability for the application. |
| 16347 | Gaim Multiple Protocol URL Processing Overflow |
| 15278 | Gaim Jabber Malformed File Transfer Request DoS Gaim contains a flaw that may allow a remote denial of service. The issue is triggered when requesting a malformed file transfer via the Jabber protocol, which causes the application to crash resulting in a loss of availability. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-365.nasl - Type : ACT_GATHER_INFO |
| 2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-429.nasl - Type : ACT_GATHER_INFO |
| 2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-125-1.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_889061afc42711d9ac5902061b08fc24.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ad5e70bbc42911d9ac5902061b08fc24.nasl - Type : ACT_GATHER_INFO |
| 2005-07-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_ecf68408a9f511d9a7880001020eed82.nasl - Type : ACT_GATHER_INFO |
| 2005-05-17 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-086.nasl - Type : ACT_GATHER_INFO |
| 2005-05-12 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200505-09.nasl - Type : ACT_GATHER_INFO |
| 2005-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-429.nasl - Type : ACT_GATHER_INFO |
| 2005-05-11 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-432.nasl - Type : ACT_GATHER_INFO |
| 2005-04-15 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-071.nasl - Type : ACT_GATHER_INFO |
| 2005-04-12 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-365.nasl - Type : ACT_GATHER_INFO |
| 2005-04-07 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200504-05.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:59:11 |
|
