RHEL 2.1 : gaim (RHSA-2002:122)

High Nessus Plugin ID 12633


The remote Red Hat host is missing a security update.


Updated gaim packages are now available for Red Hat Linux Advanced Server. These updates fix a buffer overflow in the Jabber plug-in module.

Gaim is an instant messaging client based on the published TOC protocol from AOL. Versions of gaim prior to 0.58 contain a buffer overflow in the Jabber plug-in module.

Users of gaim should update to these errata packages containing gaim 0.59 which is not vulnerable to this issue.

Please note that gaim version 0.57 had an additional security problem which has been fixed in version 0.58 (CVE-2002-0377); however, Red Hat Linux Advanced Server did not ship with version 0.57 and was not vulnerable to this issue.

[update 14 Aug 2002] Previous packages pushed were not signed, this update replaces the packages with signed versions


Update the affected gaim package.

See Also




Plugin Details

Severity: High

ID: 12633

File Name: redhat-RHSA-2002-122.nasl

Version: $Revision: 1.19 $

Type: local

Agent: unix

Published: 2004/07/06

Modified: 2016/12/28

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:gaim, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 2002/08/20

Vulnerability Publication Date: 2002/08/07

Reference Information

CVE: CVE-2002-0384

OSVDB: 3729

RHSA: 2002:122