RHEL 2.1 : gaim (RHSA-2005:589)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated gaim package that fixes a buffer overflow security issue is
now available.

This update has been rated as having critical security impact by the
Red Hat Security Response Team.

Gaim is an Internet Instant Messaging client.

A heap based buffer overflow issue was discovered in the way Gaim
processes away messages. A remote attacker could send a specially
crafted away message to a Gaim user logged into AIM or ICQ which could
result in arbitrary code execution. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2005-2103
to this issue.

Users of gaim are advised to upgrade to this updated package, which
contains backported patches and is not vulnerable to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2005-2103.html
http://rhn.redhat.com/errata/RHSA-2005-589.html

Solution :

Update the affected gaim package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 19422 ()

Bugtraq ID:

CVE ID: CVE-2005-2103