int(1748)

Vulnerability Bulletins


Múltiples vulnerabilidades en gaim

Vulnerability classification

Property Value
Confidence level Oficial
Impact Obtener acceso
Dificulty Experto
Required attacker level Acceso remoto sin cuenta a un servicio exotico

System information

Property Value
Affected manufacturer GNU/Linux
Affected software gaim

Description

Se han descubierto múltiples vulnerabilidades en Gaim. Las vulnerabilidades son descritas a continuación:

- CAN-2005-2102: Vulnerabilidad de desbordamiento de búfer en la zona de heap. La vulnerabilidad reside en el procesado de los mensajes de "away" por parte de un cliente utilizando los protocolos AIM o ICQ. La explotación de esta vulnerabilidad podría permitir a un atacante remoto ejecutar código arbitrario.

- CAN-2005-2103: Vulnerabilidad en el procesado de los nombres de archivos recibidos por parte de un cliente utilizando los protocolos AIM o ICQ. La explotación de esta vulnerabilidad podría permitir a un atacante remoto provocar una situación de denegación de servicio de Gaim.

Solution



Actualización de software

Red Hat Linux
Red Hat Desktop (v. 3)
Red Hat Desktop (v. 4)
Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux AS (v. 4)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux ES (v. 4)
Red Hat Enterprise Linux WS (v. 3)
Red Hat Enterprise Linux WS (v. 4)
https://rhn.redhat.com/

Red Hat Linux

Red Hat Enterprise Linux AS (v. 2.1) / SRPMS
gaim-0.59.9-5.el2.src.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-32
gaim-0.59.9-5.el2.i386.rpm

Red Hat Enterprise Linux AS (v. 2.1) / IA-64
gaim-0.59.9-5.el2.ia64.rpm

Red Hat Enterprise Linux ES (v. 2.1) / SRPMS
gaim-0.59.9-5.el2.src.rpm

Red Hat Enterprise Linux ES (v. 2.1) / IA-32
gaim-0.59.9-5.el2.i386.rpm

Red Hat Enterprise Linux WS (v. 2.1) / SRPMS
gaim-0.59.9-5.el2.src.rpm

Red Hat Enterprise Linux WS (v. 2.1) / IA-32
gaim-0.59.9-5.el2.i386.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium Processor / SRPMS
gaim-0.59.9-5.el2.src.rpm

Red Hat Linux Advanced Workstation 2.1 Itanium Processor / IA-64
gaim-0.59.9-5.el2.ia64.rpm

SUSE Linux
Actualizar mediante YaST Online Update

SGI
SGI Advanced Linux Environment 3
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/RPMS
ftp://oss.sgi.com/projects/sgi_propack/download/3/updates/SRPMS

Mandriva Linux

Mandrakelinux 10.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gaim-1.5.0-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gaim-devel-1.5.0-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gaim-gevolution-1.5.0-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gaim-perl-1.5.0-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/gaim-tcl-1.5.0-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libgaim-remote0-1.5.0-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/libgaim-remote0-devel-1.5.0-0.1.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/gaim-1.5.0-0.1.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gaim-1.5.0-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gaim-devel-1.5.0-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gaim-gevolution-1.5.0-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gaim-perl-1.5.0-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/gaim-tcl-1.5.0-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64gaim-remote0-1.5.0-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/gaim-1.5.0-0.1.101mdk.src.rpm

Corporate Server 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/gaim-1.5.0-0.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/gaim-devel-1.5.0-0.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/gaim-perl-1.5.0-0.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/gaim-tcl-1.5.0-0.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libgaim-remote0-1.5.0-0.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/libgaim-remote0-devel-1.5.0-0.1.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/gaim-1.5.0-0.1.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/gaim-1.5.0-0.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/gaim-devel-1.5.0-0.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/gaim-perl-1.5.0-0.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/gaim-tcl-1.5.0-0.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64gaim-remote0-1.5.0-0.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/gaim-1.5.0-0.1.C30mdk.src.rpm

Mandrivalinux LE2005
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gaim-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gaim-devel-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gaim-gevolution-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gaim-perl-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gaim-silc-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/gaim-tcl-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libgaim-remote0-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/libgaim-remote0-devel-1.5.0-0.1.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/gaim-1.5.0-0.1.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gaim-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gaim-devel-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gaim-gevolution-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gaim-perl-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gaim-silc-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/gaim-tcl-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64gaim-remote0-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/lib64gaim-remote0-devel-1.5.0-0.1.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/gaim-1.5.0-0.1.102mdk.src.rpm

Standar resources

Property Value
CVE CAN-2005-2102
CAN-2005-2103
BID

Other resources

Red Hat Security Advisory RHSA-2005:627-11
https://rhn.redhat.com/errata/RHSA-2005-627.html

SUSE Security Summary Report SUSE-SR:2005:019
http://www.novell.com/linux/security/advisories/2005_19_sr.html

SGI Security advisory 20050802-01-U
ftp://patches.sgi.com/support/free/security/advisories/20050802-01-U.asc

Mandriva Security Advisories MDKSA-2005:139
http://www.mandriva.com/security/advisories?name=MDKSA-2005:139

Red Hat Security Advisory RHSA-2005:589-16
https://rhn.redhat.com/errata/RHSA-2005-589.html

SUSE Security Announcement (SUSE-SR:2005:020)
http://www.novell.com/linux/security/advisories/2005_20_sr.html

Version history

Version Comments Date
1.0 Aviso emitido 2005-08-11
1.1 Aviso emitido por SUSE (SUSE-SR:2005:019) 2005-08-22
1.2 Aviso emitido por SGI (20050802-01-U). Aviso emitido por Mandriva (MDKSA-2005:139). Aviso emitido por Red Hat (RHSA-2005:589-16) 2005-08-31
1.3 Aviso emitido por SuSE (SUSE-SR:2005:020) 2005-09-16
Ministerio de Defensa
CNI
CCN
CCN-CERT