Mandrake Linux Security Advisory : gaim (MDKSA-2005:071)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

More vulnerabilities have been discovered in the gaim instant
messaging client :

A buffer overflow vulnerability was found in the way that gaim escapes
HTML, allowing a remote attacker to send a specially crafted message
to a gaim client and cause it to crash (CVE-2005-0965).

A bug was discovered in several of gaim's IRC processing functions
that fail to properly remove various markup tags within an IRC
message. This could allow a remote attacker to send a specially crafted
message to a gaim client connected to an IRC server, causing it to
crash (CVE-2005-0966).

Finally, a problem was found in gaim's Jabber message parser that
would allow a remote Jabber user to send a specially crafted message
to a gaim client, causing it to crash (CVE-2005-0967).

Gaim version 1.2.1 is not vulnerable to these issues and is provided
with this update.

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 18052 (mandrake_MDKSA-2005-071.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0965
CVE-2005-0966
CVE-2005-0967
