
Test ID: 1.3.6.1.4.1.25623.1.0.52112
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2005:949
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2005:949.

Gaim is a multi-protocol instant messaging (IM) client.

This announcement fixes three denial of service vulnerabilities that
were encountered in Gaim.

The fixed vulnerabilities are:

CVE-2005-0965: The gaim_markup_strip_html function allows remote
attackers to cause a denial of service (application crash) via a
string that contains malformed HTML, which causes an out-of-bounds
read.

CVE-2005-0966: The IRC protocol plugin allowed (1) remote
attackers to inject arbitrary Gaim markup via irc_msg_kick,
irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to
inject arbitrary Pango markup and pop up empty dialog boxes via
irc_msg_invite, or (3) malicious IRC servers to cause a denial of
service (application crash) by injecting certain Pango markup into
irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan
functions.

CVE-2005-0967: Sending a Gaim Jabber user a certain invalid file
transfer request triggered an out-of-bounds read which caused Gaim to
crash.

For further information on Gaim's vulnerabilities, please refer to
the project's security page.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://gaim.sourceforge.net/
http://gaim.sourceforge.net/security/
http://www.securityspace.com/smysecure/catid.html?in=CLA-2005:949
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000949

Risk factor : High

CVSS Score:
6.4

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-0965
BugTraq ID: 12999
http://www.securityfocus.com/bid/12999
Bugtraq: 20050401 multiple remote denial of service vulnerabilities in Gaim (Google Search)
http://marc.info/?l=bugtraq&m=111238715307356&w=2
http://www.securityfocus.com/archive/1/426078/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2005:071
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11292
http://www.redhat.com/support/errata/RHSA-2005-365.html
http://secunia.com/advisories/14815
SuSE Security Announcement: SUSE-SA:2005:036 (Google Search)
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Common Vulnerability Exposure (CVE) ID: CVE-2005-0966
BugTraq ID: 13003
http://www.securityfocus.com/bid/13003
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9185
XForce ISS Database: gaim-irc-plugin-bo(19937)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19937
XForce ISS Database: gaim-ircmsginvite-dos(19939)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19939
Common Vulnerability Exposure (CVE) ID: CVE-2005-0967
BugTraq ID: 13004
http://www.securityfocus.com/bid/13004
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9657
http://securitytracker.com/id?1013645
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2024 E-Soft Inc. All rights reserved.