Mandrake Linux Security Advisory : gaim (MDKSA-2005:139)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Yet more vulnerabilities have been discovered in the gaim IM client.
Invalid characters in a sent file can cause Gaim to crash on some
systems (CVE-2005-2102); a remote AIM or ICQ user can cause a buffer
overflow in Gaim by setting an away message containing many AIM
substitution strings (CVE-2005-2103); a memory alignment bug in the
library used by Gaim to access the Gadu-Gadu network can result in a
buffer overflow on non-x86 architecture systems (CVE-2005-2370).

These problems have been corrected in gaim 1.5.0 which is provided
with this update.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 19896 (mandrake_MDKSA-2005-139.nasl)

Bugtraq ID:

CVE ID: CVE-2005-2102
CVE-2005-2103
CVE-2005-2370

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now