RHEL 2.1 : gaim (RHSA-2002:122)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated gaim packages are now available for Red Hat Linux Advanced
Server. These updates fix a buffer overflow in the Jabber plug-in
module.

Gaim is an instant messaging client based on the published TOC
protocol from AOL. Versions of gaim prior to 0.58 contain a buffer
overflow in the Jabber plug-in module.

Users of gaim should update to these errata packages containing gaim
0.59, which is not vulnerable to this issue.

Please note that gaim version 0.57 had an additional security problem
which has been fixed in version 0.58 (CVE-2002-0377); however, Red Hat
Linux Advanced Server did not ship with version 0.57 and was not
vulnerable to this issue.

[update 14 Aug 2002] Previous packages pushed were not signed; this
update replaces the packages with signed versions.

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0384.html
http://gaim.sourceforge.net/ChangeLog
http://rhn.redhat.com/errata/RHSA-2002-122.html

Solution :

Update the affected gaim package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12633

Bugtraq ID:

CVE ID: CVE-2002-0384