RHEL 2.1 : gaim (RHSA-2002:122)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

Updated gaim packages are now available for Red Hat Linux Advanced
Server. These updates fix a buffer overflow in the Jabber plug-in
module.

Gaim is an instant messaging client based on the published TOC
protocol from AOL. Versions of gaim prior to 0.58 contain a buffer
overflow in the Jabber plug-in module.

Users of gaim should update to these errata packages containing gaim
0.59 which is not vulnerable to this issue.

Please note that gaim version 0.57 had an additional security problem
which has been fixed in version 0.58 (CVE-2002-0377)
however, Red Hat
Linux Advanced Server did not ship with version 0.57 and was not
vulnerable to this issue.

[update 14 Aug 2002] Previous packages pushed were not signed, this
update replaces the packages with signed versions

See also :

https://www.redhat.com/security/data/cve/CVE-2002-0384.html
http://gaim.sourceforge.net/ChangeLog
http://rhn.redhat.com/errata/RHSA-2002-122.html

Solution :

Update the affected gaim package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 12633 ()

Bugtraq ID:

CVE ID: CVE-2002-0384

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial