|
Vulnerability Assessment & Network Security Forums |
|||||||||
If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery. Home >> Browse Vulnerability Assessment Database >> Debian Local Security Checks >> [DSA158] DSA-158-1 gaim Vulnerability Assessment Details
|
[DSA158] DSA-158-1 gaim |
||
DSA-158-1 gaim Detailed Explanation for this Vulnerability Assessment The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code. The 'Manual' browser command passes an untrusted string to the shell without escaping or reliable quoting, permitting a possible hacker to execute arbitrary commands on the users machine. Unfortunately, Gaim doesn't display the hyperlink before the user clicks on it. Users who use other inbuilt browser commands aren't vulnerable. This problem has been fixed in version 0.58-2.2 for the current stable distribution (woody) and in version 0.59.1-2 for the unstable distribution (sid). The old stable distribution (potato) is not affected since it doesn't ship the Gaim program. The fixed version of Gaim no longer passes the user's manual browser command to the shell. Commands which contain the %s in quotes will need to be amended, so they don't contain any quotes. The 'Manual' browser command can be edited in the 'General' pane of the 'Preferences' dialog, which can be accessed by clicking 'Options' from the login window, or 'Tools' and then 'Preferences' from the menu bar in the buddy list window. We recommend that you upgrade your gaim package immediately. Solution : http://www.debian.org/security/2002/dsa-158 Network Security Threat Level: High Networks Security ID: 5574 Vulnerability Assessment Copyright: This script is (C) 2005 Michel Arboi |
||
Cables, Connectors |
DELL PowerEdge R730XD 24x 2.5" Server Dual 750W Dual Heatsink - BareBones TESTED
$269.99
Supermicro 4U 36 Bay Storage Server 2.4Ghz 8-C 128GB 1x1280W Rails TrueNAS ZFS
$721.06
CSE-118 Supermicro 1U GPU Server 2.6Ghz 28-C 128GB 2x Nvidia K40 GPU 2x1600W PSU
$580.03
Supermicro 4U 4x Nvidia GPU AI Server 2.1Ghz 16-Core 192GB 2x10G SFP+ 2x2200W
$1250.00
Intel Xeon E5-2680 v4 2.4GHz 35MB 14-Core 120W LGA2011-3 SR2N7
$17.99
Intel Xeon Gold 6140 SR3AX 2.3GHz 18-Core Processor CPU
$44.99
Intel Xeon E5-2697 v2 2.7GHz 30M 12-Core LGA2011 CPU Processor SR19H
$27.99
Intel Xeon E5-2697A V4 2.6GHz CPU Processor 16-Core Socket LGA2011 SR2K1
$39.99
Intel Xeon Gold 6226 12-Core 2.70GHz Processor SRFPP - QTY
$399.00
DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45
$274.00
|
||
No Discussions have been posted on this vulnerability. |