Test ID:	1.3.6.1.4.1.25623.1.0.51811
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2005:049 (gaim)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to gaim announced via advisory MDKSA-2005:049. Gaim versions prior to version 1.1.4 suffer from a few security issues such as the HTML parses not sufficiently validating its input. This allowed a remote attacker to crash the Gaim client be sending certain malformed HTML messages (CVE-2005-0208 and CVE-2005-0473). As well, insufficient input validation was also discovered in the Oscar protocol handler, used for ICQ and AIM. By sending specially crafted packets, remote users could trigger an inifinite loop in Gaim causing it to become unresponsive and hang (CVE-2005-0472). Gaim 1.1.4 is provided and fixes these issues. Affected versions: 10.0, 10.1, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:049 http://gaim.sourceforge.net/security/index.php?id=10 http://gaim.sourceforge.net/security/index.php?id=11 http://gaim.sourceforge.net/security/index.php?id=12 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0208 BugTraq ID: 12660 http://www.securityfocus.com/bid/12660 Bugtraq: 20050225 [USN-85-1] Gaim vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=110935655500670&w=2 CERT/CC vulnerability note: VU#795812 http://www.kb.cert.org/vuls/id/795812 Conectiva Linux advisory: CLA-2005:933 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933 http://www.securityfocus.com/archive/1/426078/100/0/threaded http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:049 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10477 http://www.redhat.com/support/errata/RHSA-2005-215.html http://secunia.com/advisories/14386 SuSE Security Announcement: SUSE-SA:2005:036 (Google Search) http://www.novell.com/linux/security/advisories/2005_36_sudo.html Common Vulnerability Exposure (CVE) ID: CVE-2005-0473 12589 http://www.securityfocus.com/bid/12589 14322 http://secunia.com/advisories/14322 20050225 [USN-85-1] Gaim vulnerabilities CLA-2005:933 FLSA:158543 GLSA-200503-03 MDKSA-2005:049 RHSA-2005:215 SUSE-SA:2005:036 VU#523888 http://www.kb.cert.org/vuls/id/523888 gaim-html-dos(19381) https://exchange.xforce.ibmcloud.com/vulnerabilities/19381 http://gaim.sourceforge.net/security/index.php?id=11 oval:org.mitre.oval:def:10212 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10212 Common Vulnerability Exposure (CVE) ID: CVE-2005-0472 DSA-716 http://www.debian.org/security/2005/dsa-716 RHSA-2005:432 http://www.redhat.com/support/errata/RHSA-2005-432.html VU#839280 http://www.kb.cert.org/vuls/id/839280 gaim-snac-dos(19380) https://exchange.xforce.ibmcloud.com/vulnerabilities/19380 http://gaim.sourceforge.net/security/index.php?id=10 oval:org.mitre.oval:def:10433 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10433
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.