This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
Updated Gaim packages that fix a pair of security vulnerabilities are
Gaim is an instant messenger client that can handle multiple
Stefan Esser audited the Gaim source code and found a number of bugs
that have security implications. Many of these bugs do not affect the
version of Gaim distributed with version 2.1 of Red Hat Enterprise
A buffer overflow exists in the HTTP Proxy connect code. If Gaim is
configured to use an HTTP proxy for connecting to a server, a
malicious HTTP proxy could run arbitrary code as the user running
Gaim. The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2004-0006 to this issue.
An integer overflow in Gaim 0.74 and earlier, when allocating memory
for a directIM packet for AIM/Oscar, results in heap overflow. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2004-0008 to this issue.
Users of Gaim should upgrade to these erratum packages, which contain
a backported security patch correcting this issue.
Red Hat would like to thank Stefan Esser for finding and reporting
these issues and Jacques A. Vidrine for providing initial patches.
See also :
Update the affected gaim package.
Risk factor :
High / CVSS Base Score : 7.5
Family: Red Hat Local Security Checks
Nessus Plugin ID: 12459
CVE ID: CVE-2004-0006, CVE-2004-0008