{"id": "FEDORA_2005-159.NASL", "bulletinFamily": "scanner", "title": "Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)", "description": " - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2005-09-12T00:00:00", "modified": "2019-11-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/19618", "reporter": "This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?b9985b44"], "cvelist": ["CVE-2005-0473", "CVE-2005-0472"], "type": "nessus", "lastseen": "2019-11-01T02:26:29", "history": [{"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:gaim", "p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "enchantments": {"dependencies": {"modified": "2019-01-16T20:06:18", "references": []}, "score": {"value": 2.1, "vector": "NONE"}}, "hash": "12575b70acc78e644d95b230c0bac26d789f64af4c7588a426d409aa8770be92", "hashmap": [{"hash": "5057850951536fc1860029e70cb86b0f", "key": "sourceData"}, {"hash": "fc13aae78e56ab5ab0f732f5981b73e6", "key": "references"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4c13ac4bea0986a80f3e42b636d201b2", "key": "cpe"}, {"hash": "7f0bd5afbc1980a9fa6649f99320bf71", "key": "published"}, {"hash": "3c70d0c22d88857d04d7195bc4954b09", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "179c1e30634241d3a50cfe5f4047507e", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07d23f8cbc7a4e982ced4d5398d6ea89", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "736607a3619b9d100b896a90c83e05f7", "key": "description"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=19618", "id": "FEDORA_2005-159.NASL", "lastseen": "2019-01-16T20:06:18", "modified": "2018-07-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "19618", "published": "2005-09-12T00:00:00", "references": ["http://www.nessus.org/u?b9985b44"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-159.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19618);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 23:19:04\");\n\n script_xref(name:\"FEDORA\", value:\"2005-159\");\n\n script_name(english:\"Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-February/000708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9985b44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim and / or gaim-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"gaim-1.1.3-1.FC2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"gaim-debuginfo-1.1.3-1.FC2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-debuginfo\");\n}\n", "title": "Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 4, "lastseen": "2019-01-16T20:06:18"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:gaim", "p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- Sat Feb 19 2005 Warren Togami <wtogami at redhat.com> 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com> 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472 Client freezes when receiving certain invalid messages CVE-2005-0473 Client crashes when receiving specific malformed HTML\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 3, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "d603522fa790a113248a4265b08669a8bfcc8a31a7c8238637a3946ba3430d6b", "hashmap": [{"hash": "5057850951536fc1860029e70cb86b0f", "key": "sourceData"}, {"hash": "fc13aae78e56ab5ab0f732f5981b73e6", "key": "references"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4c13ac4bea0986a80f3e42b636d201b2", "key": "cpe"}, {"hash": "7f0bd5afbc1980a9fa6649f99320bf71", "key": "published"}, {"hash": "ead0811731066477f3a71d4f687fa8e5", "key": "description"}, {"hash": "3c70d0c22d88857d04d7195bc4954b09", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "179c1e30634241d3a50cfe5f4047507e", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07d23f8cbc7a4e982ced4d5398d6ea89", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=19618", "id": "FEDORA_2005-159.NASL", "lastseen": "2018-08-02T08:26:58", "modified": "2018-07-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "19618", "published": "2005-09-12T00:00:00", "references": ["http://www.nessus.org/u?b9985b44"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-159.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19618);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 23:19:04\");\n\n script_xref(name:\"FEDORA\", value:\"2005-159\");\n\n script_name(english:\"Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-February/000708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9985b44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim and / or gaim-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"gaim-1.1.3-1.FC2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"gaim-debuginfo-1.1.3-1.FC2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-debuginfo\");\n}\n", "title": "Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)", "type": "nessus", "viewCount": 0}, "differentElements": ["description"], "edition": 3, "lastseen": "2018-08-02T08:26:58"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:gaim", "p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- Sat Feb 19 2005 Warren Togami <wtogami at redhat.com> 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com> 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472 Client freezes when receiving certain invalid messages CVE-2005-0473 Client crashes when receiving specific malformed HTML\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "enchantments": {"score": {"value": 2.1, "vector": "NONE"}}, "hash": "97703d2253d07a43b1f4e787e7bc5becf951f303b02c33ade861455fb892ff2a", "hashmap": [{"hash": "fc13aae78e56ab5ab0f732f5981b73e6", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4c13ac4bea0986a80f3e42b636d201b2", "key": "cpe"}, {"hash": "7f0bd5afbc1980a9fa6649f99320bf71", "key": "published"}, {"hash": "ead0811731066477f3a71d4f687fa8e5", "key": "description"}, {"hash": "3c70d0c22d88857d04d7195bc4954b09", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "179c1e30634241d3a50cfe5f4047507e", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07d23f8cbc7a4e982ced4d5398d6ea89", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "55c15b2ee014f410bc35a2ea45f82539", "key": "modified"}, {"hash": "9d218b088b3d2e8807475dea41fb0e18", "key": "sourceData"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=19618", "id": "FEDORA_2005-159.NASL", "lastseen": "2017-10-29T13:45:23", "modified": "2015-10-21T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "19618", "published": "2005-09-12T00:00:00", "references": ["http://www.nessus.org/u?b9985b44"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-159.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19618);\n script_version (\"$Revision: 1.12 $\");\n script_cvs_date(\"$Date: 2015/10/21 21:38:04 $\");\n\n script_xref(name:\"FEDORA\", value:\"2005-159\");\n\n script_name(english:\"Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-February/000708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9985b44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim and / or gaim-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"gaim-1.1.3-1.FC2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"gaim-debuginfo-1.1.3-1.FC2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-debuginfo\");\n}\n", "title": "Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-10-29T13:45:23"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:gaim", "p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"], "cvelist": ["CVE-2005-0473", "CVE-2005-0472"], "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "description": " - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 6, "enchantments": {"dependencies": {"modified": "2019-10-28T20:10:54", "references": [{"idList": ["RHSA-2005:215", "RHSA-2005:432"], "type": "redhat"}, {"idList": ["CVE-2005-0473", "CVE-2005-0472"], "type": "cve"}, {"idList": ["FREEBSD_PKG_8B0E94CCB5CD11D9A7880001020EED82.NASL", "DEBIAN_DSA-716.NASL", "REDHAT-RHSA-2005-432.NASL", "REDHAT-RHSA-2005-215.NASL", "FREEBSD_PKG_142353DFB5CC11D9A7880001020EED82.NASL", "FEDORA_2005-160.NASL", "UBUNTU_USN-85-1.NASL", "GENTOO_GLSA-200503-03.NASL", "MANDRAKE_MDKSA-2005-049.NASL"], "type": "nessus"}, {"idList": ["DEBIAN:DSA-716-1:EDBEE"], "type": "debian"}, {"idList": ["SUSE-SA:2005:036"], "type": "suse"}, {"idList": ["142353DF-B5CC-11D9-A788-0001020EED82", "8B0E94CC-B5CD-11D9-A788-0001020EED82"], "type": "freebsd"}, {"idList": ["VU:839280", "VU:523888"], "type": "cert"}, {"idList": ["GLSA-200503-03"], "type": "gentoo"}, {"idList": ["USN-85-1"], "type": "ubuntu"}, {"idList": ["OSVDB:13924", "OSVDB:13923"], "type": "osvdb"}, {"idList": ["CESA-2005:432-01"], "type": "centos"}, {"idList": ["OPENVAS:52547", "OPENVAS:54868", "OPENVAS:53545", "OPENVAS:52546"], "type": "openvas"}]}, "score": {"modified": "2019-10-28T20:10:54", "value": 5.7, "vector": "NONE"}}, "hash": "9b18528536e8666031a12f85b26bd963be043415967df47b1a12922255eee3a8", "hashmap": [{"hash": "dee328a3698293d683a5d149f9613adc", "key": "sourceData"}, {"hash": "fc13aae78e56ab5ab0f732f5981b73e6", "key": "references"}, {"hash": "4be150a718d8ee7b98ef7621ab539da2", "key": "cvelist"}, {"hash": "4c13ac4bea0986a80f3e42b636d201b2", "key": "cpe"}, {"hash": "7a73eb7774919cfc93d1f23c603395f7", "key": "description"}, {"hash": "7f0bd5afbc1980a9fa6649f99320bf71", "key": "published"}, {"hash": "3c70d0c22d88857d04d7195bc4954b09", "key": "pluginID"}, {"hash": "e02e395d9a680d51f8b2f64552d5d9f7", "key": "href"}, {"hash": "179c1e30634241d3a50cfe5f4047507e", "key": "title"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0bafb6325bcaf483a25404f785191cc5", "key": "modified"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}, {"hash": "507c1dcbb71af7a074b2f9898d9bcebb", "key": "reporter"}, {"hash": "41b62a8aa1ee5c40897717cadc30784a", "key": "cvss"}], "history": [], "href": "https://www.tenable.com/plugins/nessus/19618", "id": "FEDORA_2005-159.NASL", "lastseen": "2019-10-28T20:10:54", "modified": "2019-10-02T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "19618", "published": "2005-09-12T00:00:00", "references": ["http://www.nessus.org/u?b9985b44"], "reporter": "This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-159.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19618);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:23\");\n\n script_xref(name:\"FEDORA\", value:\"2005-159\");\n\n script_name(english:\"Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-February/000708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9985b44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim and / or gaim-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"gaim-1.1.3-1.FC2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"gaim-debuginfo-1.1.3-1.FC2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-debuginfo\");\n}\n", "title": "Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified"], "edition": 6, "lastseen": "2019-10-28T20:10:54"}, {"bulletin": {"bulletinFamily": "scanner", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:gaim", "p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"], "cvelist": [], "cvss": {"score": 0.0, "vector": "NONE"}, "description": "- Sat Feb 19 2005 Warren Togami <wtogami at redhat.com> 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com> 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472 Client freezes when receiving certain invalid messages CVE-2005-0473 Client crashes when receiving specific malformed HTML\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 5, "enchantments": {"dependencies": {"modified": "2019-02-21T01:08:46", "references": []}, "score": {"modified": "2019-02-21T01:08:46", "value": -0.1, "vector": "NONE"}}, "hash": "d603522fa790a113248a4265b08669a8bfcc8a31a7c8238637a3946ba3430d6b", "hashmap": [{"hash": "5057850951536fc1860029e70cb86b0f", "key": "sourceData"}, {"hash": "fc13aae78e56ab5ab0f732f5981b73e6", "key": "references"}, {"hash": "e2914120514a29eeccc01e381df164d8", "key": "modified"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "4c13ac4bea0986a80f3e42b636d201b2", "key": "cpe"}, {"hash": "7f0bd5afbc1980a9fa6649f99320bf71", "key": "published"}, {"hash": "ead0811731066477f3a71d4f687fa8e5", "key": "description"}, {"hash": "3c70d0c22d88857d04d7195bc4954b09", "key": "pluginID"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "179c1e30634241d3a50cfe5f4047507e", "key": "title"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "07d23f8cbc7a4e982ced4d5398d6ea89", "key": "href"}, {"hash": "be931514784f88df80712740ad2723e7", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=19618", "id": "FEDORA_2005-159.NASL", "lastseen": "2019-02-21T01:08:46", "modified": "2018-07-19T00:00:00", "naslFamily": "Fedora Local Security Checks", "objectVersion": "1.3", "pluginID": "19618", "published": "2005-09-12T00:00:00", "references": ["http://www.nessus.org/u?b9985b44"], "reporter": "Tenable", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-159.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19618);\n script_version (\"1.13\");\n script_cvs_date(\"Date: 2018/07/19 23:19:04\");\n\n script_xref(name:\"FEDORA\", value:\"2005-159\");\n\n script_name(english:\"Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-February/000708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9985b44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim and / or gaim-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"gaim-1.1.3-1.FC2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"gaim-debuginfo-1.1.3-1.FC2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-debuginfo\");\n}\n", "title": "Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)", "type": "nessus", "viewCount": 0}, "differentElements": ["cvss", "description", "cvelist", "reporter", "modified", "sourceData", "href"], "edition": 5, "lastseen": "2019-02-21T01:08:46"}], "edition": 7, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cpe", "hash": "4c13ac4bea0986a80f3e42b636d201b2"}, {"key": "cvelist", "hash": "4be150a718d8ee7b98ef7621ab539da2"}, {"key": "cvss", "hash": "41b62a8aa1ee5c40897717cadc30784a"}, {"key": "description", "hash": "7a73eb7774919cfc93d1f23c603395f7"}, {"key": "href", "hash": "e02e395d9a680d51f8b2f64552d5d9f7"}, {"key": "modified", "hash": "abcf9266f425f12dda38f529cd4a94bc"}, {"key": "naslFamily", "hash": "be931514784f88df80712740ad2723e7"}, {"key": "pluginID", "hash": "3c70d0c22d88857d04d7195bc4954b09"}, {"key": "published", "hash": "7f0bd5afbc1980a9fa6649f99320bf71"}, {"key": "references", "hash": "fc13aae78e56ab5ab0f732f5981b73e6"}, {"key": "reporter", "hash": "507c1dcbb71af7a074b2f9898d9bcebb"}, {"key": "sourceData", "hash": "dee328a3698293d683a5d149f9613adc"}, {"key": "title", "hash": "179c1e30634241d3a50cfe5f4047507e"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "8e64a76baf5479555b14f0f8fe4ce75f6bb96a9778cc08fd4ff08769f633a29f", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0472", "CVE-2005-0473"]}, {"type": "nessus", "idList": ["FEDORA_2005-160.NASL", "UBUNTU_USN-85-1.NASL", "REDHAT-RHSA-2005-215.NASL", "MANDRAKE_MDKSA-2005-049.NASL", "GENTOO_GLSA-200503-03.NASL", "DEBIAN_DSA-716.NASL", "FREEBSD_PKG_8B0E94CCB5CD11D9A7880001020EED82.NASL", "REDHAT-RHSA-2005-432.NASL", "FREEBSD_PKG_142353DFB5CC11D9A7880001020EED82.NASL"]}, {"type": "redhat", "idList": ["RHSA-2005:215", "RHSA-2005:432"]}, {"type": "gentoo", "idList": ["GLSA-200503-03"]}, {"type": "openvas", "idList": ["OPENVAS:54868", "OPENVAS:53545", "OPENVAS:52546", "OPENVAS:52547"]}, {"type": "ubuntu", "idList": ["USN-85-1"]}, {"type": "freebsd", "idList": ["8B0E94CC-B5CD-11D9-A788-0001020EED82", "142353DF-B5CC-11D9-A788-0001020EED82"]}, {"type": "osvdb", "idList": ["OSVDB:13924", "OSVDB:13923"]}, {"type": "cert", "idList": ["VU:523888", "VU:839280"]}, {"type": "debian", "idList": ["DEBIAN:DSA-716-1:EDBEE"]}, {"type": "centos", "idList": ["CESA-2005:432-01"]}, {"type": "suse", "idList": ["SUSE-SA:2005:036"]}], "modified": "2019-11-01T02:26:29"}, "score": {"value": 5.7, "vector": "NONE", "modified": "2019-11-01T02:26:29"}, "vulnersScore": 5.7}, "objectVersion": "1.3", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-159.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19618);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:23\");\n\n script_xref(name:\"FEDORA\", value:\"2005-159\");\n\n script_name(english:\"Fedora Core 2 : gaim-1.1.3-1.FC2 (2005-159)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC2\n\n - FC2\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-February/000708.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b9985b44\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim and / or gaim-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 2.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC2\", reference:\"gaim-1.1.3-1.FC2\")) flag++;\nif (rpm_check(release:\"FC2\", reference:\"gaim-debuginfo-1.1.3-1.FC2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-debuginfo\");\n}\n", "naslFamily": "Fedora Local Security Checks", "pluginID": "19618", "cpe": ["cpe:/o:fedoraproject:fedora_core:2", "p-cpe:/a:fedoraproject:fedora:gaim", "p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"], "scheme": null}

{"cve": [{"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.", "modified": "2018-10-19T15:31:00", "id": "CVE-2005-0472", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0472", "published": "2005-03-14T05:00:00", "title": "CVE-2005-0472", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes \"an invalid memory access,\" a different vulnerability than CVE-2005-0208.", "modified": "2018-10-19T15:31:00", "id": "CVE-2005-0473", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0473", "published": "2005-03-14T05:00:00", "title": "CVE-2005-0473", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2019-11-01T02:26:29", "bulletinFamily": "scanner", "description": " - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC3\n\n - FC3\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-11-02T00:00:00", "id": "FEDORA_2005-160.NASL", "href": "https://www.tenable.com/plugins/nessus/19619", "published": "2005-09-12T00:00:00", "title": "Fedora Core 3 : gaim-1.1.3-1.FC3 (2005-160)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2005-160.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19619);\n script_version (\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:23\");\n\n script_xref(name:\"FEDORA\", value:\"2005-160\");\n\n script_name(english:\"Fedora Core 3 : gaim-1.1.3-1.FC3 (2005-160)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - Sat Feb 19 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-1.FC3\n\n - FC3\n\n - Fri Feb 18 2005 Warren Togami <wtogami at redhat.com>\n 1:1.1.3-2\n\n - 1.1.3 including two security fixes CVE-2005-0472\n Client freezes when receiving certain invalid messages\n CVE-2005-0473 Client crashes when receiving specific\n malformed HTML\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/announce/2005-February/000709.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?931fb653\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gaim and / or gaim-debuginfo packages.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/09/12\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^3([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"gaim-1.1.3-1.FC3\")) flag++;\nif (rpm_check(release:\"FC3\", reference:\"gaim-debuginfo-1.1.3-1.FC3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim / gaim-debuginfo\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:54:57", "bulletinFamily": "scanner", "description": "Gaim versions prior to version 1.1.4 suffer from a few security issues\nsuch as the HTML parses not sufficiently validating its input. This\nallowed a remote attacker to crash the Gaim client be sending certain\nmalformed HTML messages (CVE-2005-0208 and CVE-2005-0473).\n\nAs well, insufficient input validation was also discovered in the\n", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2005-049.NASL", "href": "https://www.tenable.com/plugins/nessus/17278", "published": "2005-03-06T00:00:00", "title": "Mandrake Linux Security Advisory : gaim (MDKSA-2005:049)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2005:049. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17278);\n script_version (\"1.17\");\n script_cvs_date(\"Date: 2019/08/02 13:32:47\");\n\n script_cve_id(\"CVE-2005-0208\", \"CVE-2005-0472\", \"CVE-2005-0473\");\n script_xref(name:\"MDKSA\", value:\"2005:049\");\n\n script_name(english:\"Mandrake Linux Security Advisory : gaim (MDKSA-2005:049)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Gaim versions prior to version 1.1.4 suffer from a few security issues\nsuch as the HTML parses not sufficiently validating its input. This\nallowed a remote attacker to crash the Gaim client be sending certain\nmalformed HTML messages (CVE-2005-0208 and CVE-2005-0473).\n\nAs well, insufficient input validation was also discovered in the\n'Oscar' protocol handler, used for ICQ and AIM. By sending specially\ncrafted packets, remote users could trigger an inifinite loop in Gaim\ncausing it to become unresponsive and hang (CVE-2005-0472).\n\nGaim 1.1.4 is provided and fixes these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://gaim.sourceforge.net/security/index.php?id=10\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://gaim.sourceforge.net/security/index.php?id=11\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://gaim.sourceforge.net/security/index.php?id=12\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-gevolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:gaim-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gaim-remote0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64gaim-remote0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgaim-remote0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libgaim-remote0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK10.0\", reference:\"gaim-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"gaim-devel-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"gaim-perl-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", reference:\"gaim-tcl-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64gaim-remote0-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"amd64\", reference:\"lib64gaim-remote0-devel-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libgaim-remote0-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.0\", cpu:\"i386\", reference:\"libgaim-remote0-devel-1.1.4-2.1.100mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-devel-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-gevolution-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-perl-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", reference:\"gaim-tcl-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64gaim-remote0-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"x86_64\", reference:\"lib64gaim-remote0-devel-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libgaim-remote0-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK10.1\", cpu:\"i386\", reference:\"libgaim-remote0-devel-1.1.4-2.1.101mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:40:13", "bulletinFamily": "scanner", "description": "The remote host is affected by the vulnerability described in GLSA-200503-03\n(Gaim: Multiple Denial of Service issues)\n\n Specially crafted SNAC packets sent by other instant-messaging\n users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML\n code could lead to invalid memory accesses (CAN-2005-0208 and\n CAN-2005-0473).\n \nImpact :\n\n Remote attackers could exploit these issues, resulting in a Denial\n of Service.\n \nWorkaround :\n\n There is no known workaround at this time.", "modified": "2019-11-02T00:00:00", "id": "GENTOO_GLSA-200503-03.NASL", "href": "https://www.tenable.com/plugins/nessus/17250", "published": "2005-03-02T00:00:00", "title": "GLSA-200503-03 : Gaim: Multiple Denial of Service issues", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200503-03.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17250);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:42\");\n\n script_cve_id(\"CVE-2005-0208\", \"CVE-2005-0472\", \"CVE-2005-0473\");\n script_xref(name:\"GLSA\", value:\"200503-03\");\n\n script_name(english:\"GLSA-200503-03 : Gaim: Multiple Denial of Service issues\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200503-03\n(Gaim: Multiple Denial of Service issues)\n\n Specially crafted SNAC packets sent by other instant-messaging\n users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML\n code could lead to invalid memory accesses (CAN-2005-0208 and\n CAN-2005-0473).\n \nImpact :\n\n Remote attackers could exploit these issues, resulting in a Denial\n of Service.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200503-03\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Gaim users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gaim-1.1.4'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/02\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-im/gaim\", unaffected:make_list(\"ge 1.1.4\"), vulnerable:make_list(\"lt 1.1.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Gaim\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T03:20:10", "bulletinFamily": "scanner", "description": "An updated gaim package that fixes various security issues as well as\na number of bugs is now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nTwo HTML parsing bugs were discovered in Gaim. It is possible that a\nremote attacker could send a specially crafted message to a Gaim\nclient, causing it to crash. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the names CVE-2005-0208 and\nCVE-2005-0473 to these issues.\n\nA bug in the way Gaim processes SNAC packets was discovered. It is\npossible that a remote attacker could send a specially crafted SNAC\npacket to a Gaim client, causing the client to stop responding. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-0472 to this issue.\n\nAdditionally, various client crashes, memory leaks, and protocol\nissues have been resolved.\n\nUsers of Gaim are advised to upgrade to this updated package which\ncontains Gaim version 1.1.4 and is not vulnerable to these issues.", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2005-215.NASL", "href": "https://www.tenable.com/plugins/nessus/17310", "published": "2005-03-10T00:00:00", "title": "RHEL 3 / 4 : gaim (RHSA-2005:215)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:215. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(17310);\n script_version (\"1.26\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-0208\", \"CVE-2005-0472\", \"CVE-2005-0473\");\n script_xref(name:\"RHSA\", value:\"2005:215\");\n\n script_name(english:\"RHEL 3 / 4 : gaim (RHSA-2005:215)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gaim package that fixes various security issues as well as\na number of bugs is now available.\n\nThis update has been rated as having important security impact by the\nRed Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nTwo HTML parsing bugs were discovered in Gaim. It is possible that a\nremote attacker could send a specially crafted message to a Gaim\nclient, causing it to crash. The Common Vulnerabilities and Exposures\nproject (cve.mitre.org) has assigned the names CVE-2005-0208 and\nCVE-2005-0473 to these issues.\n\nA bug in the way Gaim processes SNAC packets was discovered. It is\npossible that a remote attacker could send a specially crafted SNAC\npacket to a Gaim client, causing the client to stop responding. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-0472 to this issue.\n\nAdditionally, various client crashes, memory leaks, and protocol\nissues have been resolved.\n\nUsers of Gaim are advised to upgrade to this updated package which\ncontains Gaim version 1.1.4 and is not vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0208\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0473\"\n );\n # http://gaim.sourceforge.net/security/index.php?id=10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/security/index.php?id=10\"\n );\n # http://gaim.sourceforge.net/security/index.php?id=11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/security/index.php?id=11\"\n );\n # http://gaim.sourceforge.net/security/index.php?id=12\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/security/index.php?id=12\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:215\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gaim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/03/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:215\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"gaim-1.1.4-1.EL3.1\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gaim-1.1.4-1.EL4\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-03T12:38:19", "bulletinFamily": "scanner", "description": "The Gaim developers discovered that the HTML parser did not\nsufficiently validate its input. This allowed a remote attacker to\ncrash the Gaim client by sending certain malformed HTML messages.\n(CAN-2005-0208, CAN-2005-0473)\n\nAnother lack of sufficient input validation was found in the ", "modified": "2019-11-02T00:00:00", "id": "UBUNTU_USN-85-1.NASL", "href": "https://www.tenable.com/plugins/nessus/20710", "published": "2006-01-15T00:00:00", "title": "Ubuntu 4.10 : gaim vulnerabilities (USN-85-1)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-85-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(20710);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:00\");\n\n script_cve_id(\"CVE-2005-0208\", \"CVE-2005-0472\", \"CVE-2005-0473\");\n script_xref(name:\"USN\", value:\"85-1\");\n\n script_name(english:\"Ubuntu 4.10 : gaim vulnerabilities (USN-85-1)\");\n script_summary(english:\"Checks dpkg output for updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Ubuntu host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Gaim developers discovered that the HTML parser did not\nsufficiently validate its input. This allowed a remote attacker to\ncrash the Gaim client by sending certain malformed HTML messages.\n(CAN-2005-0208, CAN-2005-0473)\n\nAnother lack of sufficient input validation was found in the 'Oscar'\nprotocol handler which is used for ICQ and AIM. By sending specially\ncrafted packets, remote users could trigger an infinite loop in Gaim\nwhich caused Gaim to become unresponsive and hang. (CAN-2005-0472).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gaim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:4.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/01/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(4\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 4.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"4.10\", pkgname:\"gaim\", pkgver:\"1.0.0-1ubuntu1.2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:25:49", "bulletinFamily": "scanner", "description": "It has been discovered that certain malformed SNAC packets sent by\nother AIM or ICQ users can trigger an infinite loop in Gaim, a\nmulti-protocol instant messaging client, and hence lead to a denial of\nservice of the client.\n\nTwo more denial of service conditions have been discovered in newer\nversions of Gaim which are fixed in the package in sid but are not\npresent in the package in woody.", "modified": "2019-11-02T00:00:00", "id": "DEBIAN_DSA-716.NASL", "href": "https://www.tenable.com/plugins/nessus/18152", "published": "2005-04-28T00:00:00", "title": "Debian DSA-716-1 : gaim - denial of service", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-716. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18152);\n script_version(\"1.18\");\n script_cvs_date(\"Date: 2019/08/02 13:32:18\");\n\n script_cve_id(\"CVE-2005-0472\");\n script_xref(name:\"DSA\", value:\"716\");\n\n script_name(english:\"Debian DSA-716-1 : gaim - denial of service\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It has been discovered that certain malformed SNAC packets sent by\nother AIM or ICQ users can trigger an infinite loop in Gaim, a\nmulti-protocol instant messaging client, and hence lead to a denial of\nservice of the client.\n\nTwo more denial of service conditions have been discovered in newer\nversions of Gaim which are fixed in the package in sid but are not\npresent in the package in woody.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2005/dsa-716\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gaim packages.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.58-2.5.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/04/28\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"gaim\", reference:\"0.58-2.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"gaim-common\", reference:\"0.58-2.5\")) flag++;\nif (deb_check(release:\"3.0\", prefix:\"gaim-gnome\", reference:\"0.58-2.5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T02:38:59", "bulletinFamily": "scanner", "description": "The GAIM team reports that GAIM is vulnerable to a denial-of-service\nvulnerability which can cause GAIM to freeze :\n\nCertain malformed SNAC packets sent by other AIM or ICQ users can\ntrigger an infinite loop in Gaim when parsing the SNAC. The remote\nuser would need a custom client, able to generate malformed SNACs.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_8B0E94CCB5CD11D9A7880001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/19020", "published": "2005-07-13T00:00:00", "title": "FreeBSD : gaim -- AIM/ICQ remote denial of service vulnerability (8b0e94cc-b5cd-11d9-a788-0001020eed82)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(19020);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:32:37\");\n\n script_cve_id(\"CVE-2005-0472\");\n\n script_name(english:\"FreeBSD : gaim -- AIM/ICQ remote denial of service vulnerability (8b0e94cc-b5cd-11d9-a788-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GAIM team reports that GAIM is vulnerable to a denial-of-service\nvulnerability which can cause GAIM to freeze :\n\nCertain malformed SNAC packets sent by other AIM or ICQ users can\ntrigger an infinite loop in Gaim when parsing the SNAC. The remote\nuser would need a custom client, able to generate malformed SNACs.\"\n );\n # http://gaim.sourceforge.net/security/index.php?id=10\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/security/index.php?id=10\"\n );\n # https://vuxml.freebsd.org/freebsd/8b0e94cc-b5cd-11d9-a788-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c153be34\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ko-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gaim<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-gaim<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ko-gaim<1.1.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-gaim<1.1.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-11-01T03:20:11", "bulletinFamily": "scanner", "description": "An updated gaim package that fixes security issues is now available\nfor Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes\na message containing a URL. A remote attacker could send a carefully\ncrafted message resulting in the execution of arbitrary code on a\nvictim", "modified": "2019-11-02T00:00:00", "id": "REDHAT-RHSA-2005-432.NASL", "href": "https://www.tenable.com/plugins/nessus/18241", "published": "2005-05-11T00:00:00", "title": "RHEL 2.1 : gaim (RHSA-2005:432)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2005:432. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18241);\n script_version (\"1.22\");\n script_cvs_date(\"Date: 2019/10/25 13:36:11\");\n\n script_cve_id(\"CVE-2005-0472\", \"CVE-2005-1261\");\n script_xref(name:\"RHSA\", value:\"2005:432\");\n\n script_name(english:\"RHEL 2.1 : gaim (RHSA-2005:432)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An updated gaim package that fixes security issues is now available\nfor Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nThe Gaim application is a multi-protocol instant messaging client.\n\nA stack based buffer overflow bug was found in the way gaim processes\na message containing a URL. A remote attacker could send a carefully\ncrafted message resulting in the execution of arbitrary code on a\nvictim's machine. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CVE-2005-1261 to this issue.\n\nA bug in the way Gaim processes SNAC packets was discovered. It is\npossible that a remote attacker could send a specially crafted SNAC\npacket to a Gaim client, causing the client to stop responding. The\nCommon Vulnerabilities and Exposures project (cve.mitre.org) has\nassigned the name CVE-2005-0472 to this issue.\n\nUsers of Gaim are advised to upgrade to this updated package which\ncontains gaim version 0.59.9 with backported patches to correct these\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-0472\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2005-1261\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2005:432\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected gaim package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:2.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/03/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/05/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/05/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2\\.1([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 2.1\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2005:432\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL2.1\", cpu:\"i386\", reference:\"gaim-0.59.9-4.el2\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gaim\");\n }\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-11-01T02:37:05", "bulletinFamily": "scanner", "description": "The GAIM team reports :\n\nReceiving malformed HTML can result in an invalid memory access\ncausing Gaim to crash.", "modified": "2019-11-02T00:00:00", "id": "FREEBSD_PKG_142353DFB5CC11D9A7880001020EED82.NASL", "href": "https://www.tenable.com/plugins/nessus/18848", "published": "2005-07-13T00:00:00", "title": "FreeBSD : gaim -- remote DoS on receiving malformed HTML (142353df-b5cc-11d9-a788-0001020eed82)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(18848);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2019/08/02 13:32:37\");\n\n script_cve_id(\"CVE-2005-0208\", \"CVE-2005-0473\");\n\n script_name(english:\"FreeBSD : gaim -- remote DoS on receiving malformed HTML (142353df-b5cc-11d9-a788-0001020eed82)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The GAIM team reports :\n\nReceiving malformed HTML can result in an invalid memory access\ncausing Gaim to crash.\"\n );\n # http://gaim.sourceforge.net/security/index.php?id=11\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/security/index.php?id=11\"\n );\n # http://gaim.sourceforge.net/security/index.php?id=12\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.pidgin.im/security/index.php?id=12\"\n );\n # https://vuxml.freebsd.org/freebsd/142353df-b5cc-11d9-a788-0001020eed82.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4975159c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ja-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ko-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:ru-gaim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2005/02/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2005/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2005/07/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gaim<1.1.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ja-gaim<1.1.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ko-gaim<1.1.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"ru-gaim<1.1.4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:45", "bulletinFamily": "unix", "description": "### Background\n\nGaim is a full featured instant messaging client which handles a variety of instant messaging protocols. \n\n### Description\n\nSpecially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly (CAN-2005-0472). Malformed HTML code could lead to invalid memory accesses (CAN-2005-0208 and CAN-2005-0473). \n\n### Impact\n\nRemote attackers could exploit these issues, resulting in a Denial of Service. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Gaim users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-im/gaim-1.1.4\"", "modified": "2005-03-01T00:00:00", "published": "2005-03-01T00:00:00", "id": "GLSA-200503-03", "href": "https://security.gentoo.org/glsa/200503-03", "type": "gentoo", "title": "Gaim: Multiple Denial of Service issues", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "ubuntu": [{"lastseen": "2019-05-29T17:23:15", "bulletinFamily": "unix", "description": "The Gaim developers discovered that the HTML parser did not sufficiently validate its input. This allowed a remote attacker to crash the Gaim client by sending certain malformed HTML messages. (CAN-2005-0208, CAN-2005-0473)\n\nAnother lack of sufficient input validation was found in the \u201cOscar\u201d protocol handler which is used for ICQ and AIM. By sending specially crafted packets, remote users could trigger an infinite loop in Gaim which caused Gaim to become unresponsive and hang. (CAN-2005-0472)", "modified": "2005-02-26T00:00:00", "published": "2005-02-26T00:00:00", "id": "USN-85-1", "href": "https://usn.ubuntu.com/85-1/", "title": "Gaim vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "openvas": [{"lastseen": "2017-07-24T12:49:51", "bulletinFamily": "scanner", "description": "The remote host is missing updates announced in\nadvisory GLSA 200503-03.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=54868", "id": "OPENVAS:54868", "title": "Gentoo Security Advisory GLSA 200503-03 (gaim)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities have been found in Gaim which could allow a remote\nattacker to crash the application.\";\ntag_solution = \"All Gaim users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-im/gaim-1.1.4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200503-03\nhttp://bugs.gentoo.org/show_bug.cgi?id=83253\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200503-03.\";\n\n \n\nif(description)\n{\n script_id(54868);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2005-0208\", \"CVE-2005-0472\", \"CVE-2005-0473\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200503-03 (gaim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-im/gaim\", unaffected: make_list(\"ge 1.1.4\"), vulnerable: make_list(\"lt 1.1.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:19", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-19T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52546", "id": "OPENVAS:52546", "title": "FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim", "type": "openvas", "sourceData": "#\n#VID 8b0e94cc-b5cd-11d9-a788-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n gaim\n ja-gaim\n ko-gaim\n ru-gaim\n\nCVE-2005-0472\nGaim before 1.1.3 allows remote attackers to cause a denial of service\n(infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://gaim.sourceforge.net/security/index.php?id=10\nhttp://www.vuxml.org/freebsd/8b0e94cc-b5cd-11d9-a788-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52546);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(12589);\n script_cve_id(\"CVE-2005-0472\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package ja-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ko-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package ko-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.3\")<0) {\n txt += 'Package ru-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:49:57", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gaim\nannounced via advisory DSA 716-1.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=53545", "id": "OPENVAS:53545", "title": "Debian Security Advisory DSA 716-1 (gaim)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_716_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 716-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It has been discovered that certain malformed SNAC packets sent by\nother AIM or ICQ users can trigger an infinite loop in Gaim, a\nmulti-protocol instant messaging client, and hence lead to a denial of\nservice of the client.\n\nTwo more denial of service conditions have been discovered in newer\nversions of Gaim which are fixed in the package in sid but are not\npresent in the package in woody.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.58-2.5.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.1.3-1.\n\nWe recommend that you upgrade your gaim packages.\";\ntag_summary = \"The remote host is missing an update to gaim\nannounced via advisory DSA 716-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20716-1\";\n\nif(description)\n{\n script_id(53545);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:00:53 +0100 (Thu, 17 Jan 2008)\");\n script_bugtraq_id(12589);\n script_cve_id(\"CVE-2005-0472\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"Debian Security Advisory DSA 716-1 (gaim)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gaim\", ver:\"0.58-2.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gaim-common\", ver:\"0.58-2.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gaim-gnome\", ver:\"0.58-2.5\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-07-02T21:10:18", "bulletinFamily": "scanner", "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-19T00:00:00", "published": "2008-09-04T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=52547", "id": "OPENVAS:52547", "title": "FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim", "type": "openvas", "sourceData": "#\n#VID 142353df-b5cc-11d9-a788-0001020eed82\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following packages are affected:\n gaim\n ja-gaim\n ko-gaim\n ru-gaim\n\nCVE-2005-0208\nThe HTML parsing functions in Gaim before 1.1.4 allow remote attackers\nto cause a denial of service (application crash) via malformed HTML\nthat causes 'an invalid memory access,' a different vulnerability than\nCVE-2005-0473.\n\nCVE-2005-0473\nThe HTML parsing functions in Gaim before 1.1.3 allow remote attackers\nto cause a denial of service (application crash) via malformed HTML\nthat causes 'an invalid memory access,' a different vulnerability than\nCVE-2005-0208.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://gaim.sourceforge.net/security/index.php?id=11\nhttp://gaim.sourceforge.net/security/index.php?id=12\nhttp://www.vuxml.org/freebsd/142353df-b5cc-11d9-a788-0001020eed82.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52547);\n script_version(\"$Revision: 4112 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-19 15:17:59 +0200 (Mon, 19 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2005-0208\", \"CVE-2005-0473\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_name(\"FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4\")<0) {\n txt += 'Package gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ja-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4\")<0) {\n txt += 'Package ja-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ko-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4\")<0) {\n txt += 'Package ko-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\nbver = portver(pkg:\"ru-gaim\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.1.4\")<0) {\n txt += 'Package ru-gaim version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "redhat": [{"lastseen": "2019-08-13T18:46:24", "bulletinFamily": "unix", "description": "The Gaim application is a multi-protocol instant messaging client.\n\nTwo HTML parsing bugs were discovered in Gaim. It is possible that a remote\nattacker could send a specially crafted message to a Gaim client, causing\nit to crash. The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the names CAN-2005-0208 and CAN-2005-0473 to\nthese issues.\n\nA bug in the way Gaim processes SNAC packets was discovered. It is\npossible that a remote attacker could send a specially crafted SNAC packet\nto a Gaim client, causing the client to stop responding. The Common\nVulnerabilities and Exposures project (cve.mitre.org) has assigned the name\nCAN-2005-0472 to this issue.\n\nAdditionally, various client crashes, memory leaks, and protocol issues\nhave been resolved.\n\nUsers of Gaim are advised to upgrade to this updated package which contains\nGaim version 1.1.4 and is not vulnerable to these issues.", "modified": "2017-09-08T11:55:42", "published": "2005-03-10T05:00:00", "id": "RHSA-2005:215", "href": "https://access.redhat.com/errata/RHSA-2005:215", "type": "redhat", "title": "(RHSA-2005:215) gaim security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-08-13T18:45:08", "bulletinFamily": "unix", "description": "The Gaim application is a multi-protocol instant messaging client.\r\n\r\nA stack based buffer overflow bug was found in the way gaim processes a\r\nmessage containing a URL. A remote attacker could send a carefully crafted\r\nmessage resulting in the execution of arbitrary code on a victim's machine.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1261 to this issue.\r\n\r\nA bug in the way Gaim processes SNAC packets was discovered. It is possible\r\nthat a remote attacker could send a specially crafted SNAC packet to a Gaim\r\nclient, causing the client to stop responding. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472\r\nto this issue.\r\n\r\nUsers of Gaim are advised to upgrade to this updated package which contains\r\ngaim version 0.59.9 with backported patches to correct these issues.", "modified": "2018-03-14T19:27:52", "published": "2005-05-11T04:00:00", "id": "RHSA-2005:432", "href": "https://access.redhat.com/errata/RHSA-2005:432", "type": "redhat", "title": "(RHSA-2005:432) gaim security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:59", "bulletinFamily": "unix", "description": "\nThe GAIM team reports that GAIM is vulnerable to a\n\t denial-of-service vulnerability which can cause GAIM to\n\t freeze:\n\nCertain malformed SNAC packets sent by other AIM or ICQ\n\t users can trigger an infinite loop in Gaim when parsing\n\t the SNAC. The remote user would need a custom client, able\n\t to generate malformed SNACs.\n\n", "modified": "2005-02-17T00:00:00", "published": "2005-02-17T00:00:00", "id": "8B0E94CC-B5CD-11D9-A788-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/8b0e94cc-b5cd-11d9-a788-0001020eed82.html", "title": "gaim -- AIM/ICQ remote denial of service vulnerability", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:34:59", "bulletinFamily": "unix", "description": "\nThe GAIM team reports:\n\nReceiving malformed HTML can result in an invalid memory\n\t access causing Gaim to crash.\n\n", "modified": "2005-02-17T00:00:00", "published": "2005-02-17T00:00:00", "id": "142353DF-B5CC-11D9-A788-0001020EED82", "href": "https://vuxml.freebsd.org/freebsd/142353df-b5cc-11d9-a788-0001020eed82.html", "title": "gaim -- remote DoS on receiving malformed HTML", "type": "freebsd", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "cert": [{"lastseen": "2019-10-09T19:52:00", "bulletinFamily": "info", "description": "### Overview \n\nGaim contains a flaw in the processing of certain packets that may cause a denial of service.\n\n### Description \n\nFrom the Gaim project:\n\n_Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks_ \n \nGaim is susceptible to receiving a malformed AIM/ICQ OSCAR SNAC packet that may cause Gaim to enter an infinite processing loop. Please note that creating this type of malformed SNAC packet requires a custom client capable of crafting malicious invalid packets. \n \n--- \n \n### Impact \n\nA remote attacker may be able to cause Gaim and the local system to become unresponsive or to cause Gaim to crash. \n \n--- \n \n### Solution \n\n**Apply an update** \nThis flaw has been fixed in Gaim 1.1.3, along with other potential security vulnerabilities. All users may download an update at the [Gaim Downloads page](<http://gaim.sourceforge.net/downloads.php>). \n \n--- \n \nAs a best practice and potential workaround, users should not accept unexpected messages from unknown sources. \n \n--- \n \n### Vendor Information\n\n839280\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Gaim\n\nUpdated: February 21, 2005 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Gaim project has published a [Gaim Vulnerability note concerning this flaw](<http://gaim.sourceforge.net/security/index.php?id=10>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23839280 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://secunia.com/advisories/14322/>\n * <http://gaim.sourceforge.net/security/index.php?id=10>\n\n### Acknowledgements\n\nThanks to the Gaim project for reporting this vulnerability.\n\nThis document was written by Ken MacInnis based primarily on information from the Gaim project.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0472](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0472>) \n---|--- \n**Severity Metric:****** | 1.28 \n**Date Public:** | 2005-02-17 \n**Date First Published:** | 2005-02-21 \n**Date Last Updated: ** | 2005-02-22 14:21 UTC \n**Document Revision: ** | 10 \n", "modified": "2005-02-22T14:21:00", "published": "2005-02-21T00:00:00", "id": "VU:839280", "href": "https://www.kb.cert.org/vuls/id/839280", "type": "cert", "title": "Gaim vulnerable to malformed SNAC packet infinite processing loop", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-10-09T19:52:00", "bulletinFamily": "info", "description": "### Overview \n\nGaim contains a flaw in HTML processing that may result in an invalid memory access and denial of service condition.\n\n### Description \n\nFrom the Gaim project:\n\n_Gaim is a multi-protocol instant messaging (IM) client for Linux, BSD, MacOS X, and Windows. It is compatible with AIM and ICQ (Oscar protocol), MSN Messenger, Yahoo!, IRC, Jabber, Gadu-Gadu, SILC, GroupWise Messenger, and Zephyr networks_ \n \nGaim is susceptible to receiving a malformed HTML message which may result in an invalid memory access. \n \n--- \n \n### Impact \n\nA remote attacker can cause Gaim to crash, causing a denial of service condition. \n \n--- \n \n### Solution \n\n**Apply an update** \nThis flaw has been fixed in Gaim 1.1.3, along with other potential security vulnerabilities. All users may download an update at the [Gaim Downloads page](<http://gaim.sourceforge.net/downloads.php>). \n \n--- \n \nAs a best practice and potential workaround, users should not accept unexpected messages from unknown sources. \n \n--- \n \n### Vendor Information\n\n523888\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Vendor has issued information\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n__ Affected __ Unknown __ Unaffected \n\n**Javascript is disabled. Click here to view vendors.**\n\n### __ Gaim\n\nUpdated: February 21, 2005 \n\n### Status\n\n__ Vulnerable\n\n### Vendor Statement\n\nNo statement is currently available from the vendor regarding this vulnerability.\n\n### Vendor Information\n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThe Gaim project has issued a [Gaim Vulnerability note regarding this flaw](<http://gaim.sourceforge.net/security/index.php?id=11>).\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23523888 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | N/A | N/A \nTemporal | N/A | N/A \nEnvironmental | | N/A \n \n \n\n\n### References \n\n * <http://secunia.com/advisories/14322/>\n * <http://gaim.sourceforge.net/security/index.php?id=11>\n\n### Acknowledgements\n\nThanks to the Gaim project for reporting this vulnerability.\n\nThis document was written by Ken MacInnis based primarily on information from the Gaim project.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2005-0473](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0473>) \n---|--- \n**Severity Metric:****** | 1.28 \n**Date Public:** | 2005-02-17 \n**Date First Published:** | 2005-02-21 \n**Date Last Updated: ** | 2005-02-21 21:41 UTC \n**Document Revision: ** | 8 \n", "modified": "2005-02-21T21:41:00", "published": "2005-02-21T00:00:00", "id": "VU:523888", "href": "https://www.kb.cert.org/vuls/id/523888", "type": "cert", "title": "Gaim vulnerable to HTML processing denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2019-05-30T02:22:40", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 716-1 security@debian.org\nhttp://www.debian.org/security/ Martin Schulze\nApril 27th, 2005 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gaim\nVulnerability : denial of service\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CAN-2005-0472\n\nIt has been discovered that certain malformed SNAC packets sent by\nother AIM or ICQ users can trigger an infinite loop in Gaim, a\nmulti-protocol instant messaging client, and hence lead to a denial of\nservice of the client.\n\nTwo more denial of service conditions have been discovered in newer\nversions of Gaim which are fixed in the package in sid but are not\npresent in the package in woody.\n\nFor the stable distribution (woody) this problem has been fixed in\nversion 0.58-2.5.\n\nFor the unstable distribution (sid) these problems have been fixed in\nversion 1.1.3-1.\n\nWe recommend that you upgrade your gaim packages.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.0 alias woody\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.dsc\n Size/MD5 checksum: 681 e985a045131d5ad43c2192533d581d49\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5.diff.gz\n Size/MD5 checksum: 23078 688d4d51bd00e863c4c911f539708f0d\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz\n Size/MD5 checksum: 1928057 644df289daeca5f9dd3983d65c8b2407\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_alpha.deb\n Size/MD5 checksum: 480588 297fed5e44fab4f49c3c103159ee3dc4\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_alpha.deb\n Size/MD5 checksum: 674918 1a59dbf94b98f25c18eaeee28aab5910\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_alpha.deb\n Size/MD5 checksum: 501450 bbe7cdac070bed0937596df34052c555\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_arm.deb\n Size/MD5 checksum: 401938 1f9588d2015c20477f35f59de2e67190\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_arm.deb\n Size/MD5 checksum: 615258 6a1d88825004fb405881674236b5f34b\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_arm.deb\n Size/MD5 checksum: 422646 eab79e46b080475268510509635388b2\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_i386.deb\n Size/MD5 checksum: 389530 e4b3815727835a3ab112fb109a328021\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_i386.deb\n Size/MD5 checksum: 605678 619283e7b98add8bf725beb71a3de75b\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_i386.deb\n Size/MD5 checksum: 409274 c81aa5abd01455d0b082c6503e5abb32\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_ia64.deb\n Size/MD5 checksum: 557214 f57cd6a3c35d2d7042690e5584d3c49c\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_ia64.deb\n Size/MD5 checksum: 765410 33b7051caea6919c87519bc9c570ef69\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_ia64.deb\n Size/MD5 checksum: 570064 2a9d5dbdd9b1bc7470d3a7a12cf3b453\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_hppa.deb\n Size/MD5 checksum: 459698 74a1621f52f73e436aeffc82e1c528a5\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_hppa.deb\n Size/MD5 checksum: 691344 06a88c54e725114cb0818b50dce65fd5\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_hppa.deb\n Size/MD5 checksum: 481568 5aaf2370d855711ae2d2916c13831f0b\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_m68k.deb\n Size/MD5 checksum: 370690 627841728dabb3c6e83e60c8001a0ac4\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_m68k.deb\n Size/MD5 checksum: 622818 e4205658f157914fc5cea27c7248a71d\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_m68k.deb\n Size/MD5 checksum: 392316 8ee4f81a43e8b9ae123adadba2eed04c\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mips.deb\n Size/MD5 checksum: 406618 354027157ccc8439f28f3d05198cce12\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mips.deb\n Size/MD5 checksum: 615058 36c64cdcac52153d504eb7e246560510\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mips.deb\n Size/MD5 checksum: 427314 7f59f09c347ed39a12fad8408c40fab3\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_mipsel.deb\n Size/MD5 checksum: 397210 f690bab2d77b7f5bc5c207ab8799a7ae\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_mipsel.deb\n Size/MD5 checksum: 607548 a62777c3ba8590660821edb1f46947ee\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_mipsel.deb\n Size/MD5 checksum: 416922 31b725e25888062257b1d9a212450a0e\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_powerpc.deb\n Size/MD5 checksum: 413722 b499efefdd53e1e1f99c82fe4345d740\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_powerpc.deb\n Size/MD5 checksum: 643070 e6a50e343c77e80e72c26570e4086452\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_powerpc.deb\n Size/MD5 checksum: 434530 be29354736f00ed85d5aa36d0bb86330\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_s390.deb\n Size/MD5 checksum: 399718 1328ff0fecf64d0a8db50bcbf6a4307d\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_s390.deb\n Size/MD5 checksum: 644284 c668b1de2ad8c707c5f8ad2de456bf9c\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_s390.deb\n Size/MD5 checksum: 422222 14e4654f7df7c22fb6e8240908c7836c\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.5_sparc.deb\n Size/MD5 checksum: 409866 7d8a00f61567dea550246ba36ee8f350\n http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.5_sparc.deb\n Size/MD5 checksum: 654072 aca9f7da61fa3f05e5394844fd1cc0ba\n http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.5_sparc.deb\n Size/MD5 checksum: 428798 d4eb82d10dfcaee16df40d3c4547e809\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show &lt;pkg&gt;&#x27; and http://packages.debian.org/&lt;pkg&gt;\n\n", "modified": "2005-04-27T00:00:00", "published": "2005-04-27T00:00:00", "id": "DEBIAN:DSA-716-1:EDBEE", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00098.html", "title": "[SECURITY] [DSA 716-1] New gaim packages fix denial of service", "type": "debian", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 1.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://gaim.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:049)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2005-215.html)\n[Vendor Specific Advisory URL](http://gaim.sourceforge.net/security/index.php?id=10)\nSecurity Tracker: 1013234\n[Secunia Advisory ID:14410](https://secuniaresearch.flexerasoftware.com/advisories/14410/)\n[Secunia Advisory ID:14446](https://secuniaresearch.flexerasoftware.com/advisories/14446/)\n[Secunia Advisory ID:15334](https://secuniaresearch.flexerasoftware.com/advisories/15334/)\n[Secunia Advisory ID:16050](https://secuniaresearch.flexerasoftware.com/advisories/16050/)\n[Secunia Advisory ID:14322](https://secuniaresearch.flexerasoftware.com/advisories/14322/)\n[Secunia Advisory ID:14563](https://secuniaresearch.flexerasoftware.com/advisories/14563/)\n[Secunia Advisory ID:14374](https://secuniaresearch.flexerasoftware.com/advisories/14374/)\n[Secunia Advisory ID:15149](https://secuniaresearch.flexerasoftware.com/advisories/15149/)\n[Related OSVDB ID: 13924](https://vulners.com/osvdb/OSVDB:13924)\nRedHat RHSA: RHSA-2005:429\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2005-Jul/0004.html\nOther Advisory URL: http://www.debian.org/security/2005/dsa-716\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-85-1\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200503-03.xml\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000933\n[CVE-2005-0472](https://vulners.com/cve/CVE-2005-0472)\n", "modified": "2005-02-17T08:04:31", "published": "2005-02-17T08:04:31", "href": "https://vulners.com/osvdb/OSVDB:13923", "id": "OSVDB:13923", "title": "Gaim Malformed SNAC Packet Parsing DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "description": "## Solution Description\nUpgrade to version 1.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://gaim.sourceforge.net/\n[Vendor Specific Advisory URL](http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:049)\n[Vendor Specific Advisory URL](http://rhn.redhat.com/errata/RHSA-2005-215.html)\n[Vendor Specific Advisory URL](http://gaim.sourceforge.net/security/index.php?id=11)\nSecurity Tracker: 1013235\n[Secunia Advisory ID:14410](https://secuniaresearch.flexerasoftware.com/advisories/14410/)\n[Secunia Advisory ID:14446](https://secuniaresearch.flexerasoftware.com/advisories/14446/)\n[Secunia Advisory ID:14322](https://secuniaresearch.flexerasoftware.com/advisories/14322/)\n[Secunia Advisory ID:14563](https://secuniaresearch.flexerasoftware.com/advisories/14563/)\n[Secunia Advisory ID:14374](https://secuniaresearch.flexerasoftware.com/advisories/14374/)\n[Related OSVDB ID: 13923](https://vulners.com/osvdb/OSVDB:13923)\nOther Advisory URL: http://www.ubuntulinux.org/support/documentation/usn/usn-85-1\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200503-03.xml\nOther Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000933\n[CVE-2005-0473](https://vulners.com/cve/CVE-2005-0473)\n", "modified": "2005-02-17T08:04:31", "published": "2005-02-17T08:04:31", "href": "https://vulners.com/osvdb/OSVDB:13924", "id": "OSVDB:13924", "title": "Gaim Malformed HTML Parsing DoS", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "centos": [{"lastseen": "2019-05-29T18:35:42", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2005:432-01\n\n\nThe Gaim application is a multi-protocol instant messaging client.\r\n\r\nA stack based buffer overflow bug was found in the way gaim processes a\r\nmessage containing a URL. A remote attacker could send a carefully crafted\r\nmessage resulting in the execution of arbitrary code on a victim's machine.\r\nThe Common Vulnerabilities and Exposures project (cve.mitre.org) has\r\nassigned the name CAN-2005-1261 to this issue.\r\n\r\nA bug in the way Gaim processes SNAC packets was discovered. It is possible\r\nthat a remote attacker could send a specially crafted SNAC packet to a Gaim\r\nclient, causing the client to stop responding. The Common Vulnerabilities\r\nand Exposures project (cve.mitre.org) has assigned the name CAN-2005-0472\r\nto this issue.\r\n\r\nUsers of Gaim are advised to upgrade to this updated package which contains\r\ngaim version 0.59.9 with backported patches to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2005-May/011657.html\n\n**Affected packages:**\ngaim\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "modified": "2005-05-11T23:15:37", "published": "2005-05-11T23:15:37", "href": "http://lists.centos.org/pipermail/centos-announce/2005-May/011657.html", "id": "CESA-2005:432-01", "title": "gaim security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T11:55:38", "bulletinFamily": "unix", "description": "Sudo(8) allows the execution of commands as another user and gives the administrator more flexibility than su(1). A race condition in the pathname handling of sudo may allow a local user to execute arbitrary commands. To exploit this bug some conditions need to be fulfilled. The attacking user needs to be listed in the sudoers file, he is able to create symbolic links in the filesystem, and a ALL alias- command needs to follow the attackers entry.\n#### Solution\nIt is recommended to install the updated packages.", "modified": "2005-06-24T12:44:43", "published": "2005-06-24T12:44:43", "id": "SUSE-SA:2005:036", "href": "http://lists.opensuse.org/opensuse-security-announce/2005-06/msg00024.html", "title": "race condition, arbitrary code execution in sudo", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}