SUSE-SA:2004:025: gaim

This script is Copyright (C) 2004-2010 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch

Description :

The remote host is missing the patch for the advisory SUSE-SA:2004:025 (gaim).


Gaim is an instant messaging client which supports a wide range of
protocols.

Sebastian Krahmer of the SuSE Security Team discovered various remotely
exploitable buffer overflows in the MSN-protocol parsing functions during
a code review of the MSN protocol handling code.

Remote attackers can execute arbitrary code as the user running the gaim
client.

The vulnerable code exists in SUSE Linux 9.1 only.

Solution :

http://www.suse.de/security/2004_25_gaim.html

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: SuSE Local Security Checks

Nessus Plugin ID: 14264 ()

Bugtraq ID: 10865

CVE ID: CVE-2004-0500

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now