Mandrake Linux Security Advisory : gaim (MDKSA-2004:110)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

More vulnerabilities have been discovered in the gaim instant
messenger client. Two are pertinent to version 0.75, which is the
version shipped with Mandrakelinux 10.0. First, installing smiley
themes could allow remote attackers to execute arbitrary commands via
shell metacharacters in the filename of the tar file that is dragged
to the smiley selector. Second, there is a buffer overflow in the way
gaim handles receiving very long URLs.

The provided packages have been patched to fix these problems. These
issues, amongst others, have been fixed upstream in version 0.82.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15546 (mandrake_MDKSA-2004-110.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0784, CVE-2004-0785
