ID de Prueba:	1.3.6.1.4.1.25623.1.0.50834
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:054-1 (gaim)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to gaim announced via advisory MDKSA-2002:054-1. Versions of Gaim (an AOL instant message client) prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the manual browser command passes an untrusted string to the shell without reliable quoting or escaping. This allows an attacker to execute arbitrary commands on the user's machine with the user's permissions. Those using the built-in browser commands are not vulnerable. Update: The 8.1 package had an incorrect dependency on perl. This package has been replaced with a proper package. Please note the differing md5 sums. Affected versions: 8.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:054-1 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0384 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0989 http://gaim.sourceforge.net/ChangeLog Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2002-0384 BugTraq ID: 5406 http://www.securityfocus.com/bid/5406 HPdes Security Advisory: HPSBTL0208-057 http://online.securityfocus.com/advisories/4358 http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054 http://www.osvdb.org/3729 http://www.redhat.com/support/errata/RHSA-2002-098.html http://www.redhat.com/support/errata/RHSA-2002-107.html http://www.redhat.com/support/errata/RHSA-2002-122.html http://www.redhat.com/support/errata/RHSA-2003-156.html http://www.iss.net/security_center/static/9766.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0989 BugTraq ID: 5574 http://www.securityfocus.com/bid/5574 Bugtraq: 20020827 GLSA: gaim (Google Search) http://marc.info/?l=bugtraq&m=103046442403404&w=2 Conectiva Linux advisory: CLA-2002:521 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521 Debian Security Information: DSA-158 (Google Search) http://www.debian.org/security/2002/dsa-158 FreeBSD Security Advisory: FreeBSD-SN-02:06 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc HPdes Security Advisory: HPSBTL0209-067 http://online.securityfocus.com/advisories/4471 http://www.osvdb.org/5033 http://www.redhat.com/support/errata/RHSA-2002-189.html http://www.redhat.com/support/errata/RHSA-2002-190.html http://www.redhat.com/support/errata/RHSA-2002-191.html http://www.iss.net/security_center/static/9978.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.