Boletines de Vulnerabilidades |
Ejecución remota de código en el cliente GAIM |
|
Clasificación de la vulnerabilidad |
|
Propiedad | Valor |
Nivel de Confianza | Oficial |
Impacto | Obtener acceso |
Dificultad | Avanzado |
Requerimientos del atacante | Acceso remoto sin cuenta a un servicio exotico |
Información sobre el sistema |
|
Propiedad | Valor |
Fabricante afectado | GNU/Linux |
Software afectado | GAIM <= 0.75 |
Descripción |
|
Se han encontrado varias vulnerabilidades de desbordamiento de búfer en el cliente de mensajería instantánea GAIM. Explotando estas vulnerabilidades, un atacante remoto podría ejecutar código arbitrario en el sistema en que se ejecute el cliente GAIM. |
|
Solución |
|
Actualización de software Mandrakelinux Mandrakelinux 9.2 ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/gaim-0.75-1.4.92mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/gaim-encrypt-0.75-1.4.92mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/gaim-festival-0.75-1.4.92mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/gaim-perl-0.75-1.4.92mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libgaim-remote0-0.75-1.4.92mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/RPMS/libgaim-remote0-devel-0.75-1.4.92mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/9.2/SRPMS/gaim-0.75-1.4.92mdk.src.rpm Mandrakelinux 9.2/AMD64 ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/gaim-0.75-1.4.92mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/gaim-encrypt-0.75-1.4.92mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/gaim-festival-0.75-1.4.92mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/gaim-perl-0.75-1.4.92mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64gaim-remote0-0.75-1.4.92mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/RPMS/lib64gaim-remote0-devel-0.75-1.4.92mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/9.2/SRPMS/gaim-0.75-1.4.92mdk.src.rpm Mandrakelinux 10.0 ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/gaim-0.75-5.2.100mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/gaim-encrypt-0.75-5.2.100mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/gaim-festival-0.75-5.2.100mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/gaim-perl-0.75-5.2.100mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libgaim-remote0-0.75-5.2.100mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/RPMS/libgaim-remote0-devel-0.75-5.2.100mdk.i586.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/10.0/SRPMS/gaim-0.75-5.2.100mdk.src.rpm Mandrakelinux 10.0/AMD64 ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/gaim-0.75-5.2.100mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/gaim-encrypt-0.75-5.2.100mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/gaim-festival-0.75-5.2.100mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/gaim-perl-0.75-5.2.100mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64gaim-remote0-0.75-5.2.100mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/RPMS/lib64gaim-remote0-devel-0.75-5.2.100mdk.amd64.rpm ftp://ftp.planetmirror.com/pub/Mandrake/updates/amd64/10.0/SRPMS/gaim-0.75-5.2.100mdk.src.rpm SUSE Linux x86 Platform & SUSE Linux 9.1 RPM ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gaim-0.75-79.2.i586.rpm Parche ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gaim-0.75-79.2.i586.patch.rpm Fuentes ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/gaim-0.75-79.2.src.rpm x86-64 & SUSE Linux 9.1 RPM ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gaim-0.75-79.2.x86_64.rpm Parche ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gaim-0.75-79.2.x86_64.patch.rpm Fuentes ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/gaim-0.75-79.2.src.rpm Red Hat Linux Red Hat Desktop (v. 3) AMD64 gaim-0.82.1-0.RHEL3.x86_64.rpm SRPMS gaim-0.82.1-0.RHEL3.src.rpm i386 gaim-0.82.1-0.RHEL3.i386.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux AS (v. 3) AMD64 gaim-0.82.1-0.RHEL3.x86_64.rpm SRPMS gaim-0.82.1-0.RHEL3.src.rpm i386 gaim-0.82.1-0.RHEL3.i386.rpm ia64 gaim-0.82.1-0.RHEL3.ia64.rpm ppc gaim-0.82.1-0.RHEL3.ppc.rpm s390 gaim-0.82.1-0.RHEL3.s390.rpm s390x gaim-0.82.1-0.RHEL3.s390x.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux ES (v. 3) AMD64 gaim-0.82.1-0.RHEL3.x86_64.rpm SRPMS gaim-0.82.1-0.RHEL3.src.rpm i386 gaim-0.82.1-0.RHEL3.i386.rpm ia64 gaim-0.82.1-0.RHEL3.ia64.rpm https://rhn.redhat.com/ Red Hat Enterprise Linux WS (v. 3) AMD64 gaim-0.82.1-0.RHEL3.x86_64.rpm SRPMS gaim-0.82.1-0.RHEL3.src.rpm i386 gaim-0.82.1-0.RHEL3.i386.rpm ia64 gaim-0.82.1-0.RHEL3.ia64.rpm https://rhn.redhat.com/ |
|
Identificadores estándar |
|
Propiedad | Valor |
CVE | CAN-2004-0500 |
BID | |
Recursos adicionales |
|
Mandrake Security Advisory MDKSA-2004:081 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:081 SUSE Security Announcement SUSE-SA:2004:025 http://www.suse.de/de/security/2004_25_gaim.html Red Hat Security Advisory RHSA-2004:400-15 https://rhn.redhat.com/errata/RHSA-2004-400.html |
Histórico de versiones |
||
Versión | Comentario | Fecha |
1.0 | Aviso emitido | 2004-08-13 |
1.1 | Aviso emitido por Red Hat (RHSA-2004:400-15) | 2004-09-08 |