Slackware 9.0 / 9.1 / current : GAIM security update (SSA:2004-026-01)

2005-07-13T00:00:00
ID SLACKWARE_SSA_2004-026-01.NASL
Type nessus
Reporter Tenable
Modified 2013-06-01T00:00:00

Description

GAIM is a GTK2-based Instant Messaging (IM) client. New GAIM packages are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities were found in the instant messenger GAIM that allow remote compromise. All sites using GAIM should upgrade to these new packages. These are based on GAIM 0.75 with patches for all 12 security issues. Thanks to Stefan Esser of e-matters GmbH for finding and reporting these bugs.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Slackware Security Advisory 2004-026-01. The text 
# itself is copyright (C) Slackware Linux, Inc.
#

include("compat.inc");

if (description)
{
  script_id(18750);
  script_version("$Revision: 1.11 $");
  script_cvs_date("$Date: 2013/06/01 00:36:12 $");

  script_xref(name:"SSA", value:"2004-026-01");

  script_name(english:"Slackware 9.0 / 9.1 / current : GAIM security update (SSA:2004-026-01)");
  script_summary(english:"Checks for updated package in /var/log/packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Slackware host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"GAIM is a GTK2-based Instant Messaging (IM) client. New GAIM packages
are available for Slackware 9.0, 9.1, and -current. 12 vulnerabilities
were found in the instant messenger GAIM that allow remote compromise.
All sites using GAIM should upgrade to these new packages. These are
based on GAIM 0.75 with patches for all 12 security issues. Thanks to
Stefan Esser of e-matters GmbH for finding and reporting these bugs."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://security.e-matters.de/advisories/012004.html"
  );
  # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.361158
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6671892e"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected gaim package.");
  script_set_attribute(attribute:"risk_factor", value:"High");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:gaim");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.");
  script_family(english:"Slackware Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("slackware.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware");
if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING);


cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu);


flag = 0;
if (slackware_check(osver:"9.0", pkgname:"gaim", pkgver:"0.75", pkgarch:"i386", pkgnum:"1")) flag++;

if (slackware_check(osver:"9.1", pkgname:"gaim", pkgver:"0.75", pkgarch:"i486", pkgnum:"1")) flag++;

if (slackware_check(osver:"current", pkgname:"gaim", pkgver:"0.75", pkgarch:"i486", pkgnum:"1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");