Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> Red Hat Local Security Checks >> RHSA-2004-045: gaim

Vulnerability Assessment Details

RHSA-2004-045: gaim
Vulnerability Assessment Summary
Check for the version of the gaim packages

Detailed Explanation for this Vulnerability Assessment


Updated Gaim packages that fix a pair of security vulnerabilities are now
available.

Gaim is an instant messenger client that can handle multiple protocols.

Stefan Esser audited the Gaim source code and found a number of bugs that
have security implications. Many of these bugs do not affect the version
of Gaim distributed with version 2.1 of Red Hat Enterprise Linux.

A buffer overflow exists in the HTTP Proxy connect code. If Gaim is
configured to use an HTTP proxy for connecting to a server, a malicious
HTTP proxy could run arbitrary code as the user running Gaim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0006 to this issue.

An integer overflow in Gaim 0.74 and earlier, when allocating memory for a
directIM packet for AIM/Oscar, results in heap overflow. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0008 to this issue.

Users of Gaim should upgrade to these erratum packages, which contain
a backported security patch correcting this issue.

Red Hat would like to thank Steffan Esser for finding and reporting these
issues and Jacques A. Vidrine for providing initial patches.




Solution : http://rhn.redhat.com/errata/RHSA-2004-045.html
Network Security Threat Level: High

Networks Security ID:

Vulnerability Assessment Copyright: This script is Copyright (C) 2004 Tenable Network Security
Cables, Connectors


DELL PowerEdge R730XD 24x 2.5

DELL PowerEdge R730XD 24x 2.5" Server Dual 750W Dual Heatsink - BareBones TESTED

$269.99


Supermicro 4U 36 Bay Storage Server 2.4Ghz 8-C 128GB 1x1280W Rails TrueNAS ZFS picture

Supermicro 4U 36 Bay Storage Server 2.4Ghz 8-C 128GB 1x1280W Rails TrueNAS ZFS

$721.06


HP ProLiant DL360 G9 Server | 2 x E5-2660V3 2.6Ghz | 64GB | 2 x 900GB SAS HDD picture

HP ProLiant DL360 G9 Server | 2 x E5-2660V3 2.6Ghz | 64GB | 2 x 900GB SAS HDD

$339.00


H261-Z61 2U 24SFF AMD Server 8x EPYC 7551 256-Cores 256GB RAM 8x25G NIC 2x2200W picture

H261-Z61 2U 24SFF AMD Server 8x EPYC 7551 256-Cores 256GB RAM 8x25G NIC 2x2200W

$2612.18


Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD picture

Dell PowerEdge R730XD 28 Core Server 2X Xeon E5-2680 V4 H730 128GB RAM No HDD

$389.99


DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45 picture

DELL PowerEdge R730 Server 2x E5-2690v3 2.6GHz =24 Cores 32GB H730 4xRJ45

$274.00


HP Proliant DL360 Gen9 28 Core SFF Server 2X E5-2680 V4 16GB RAM P440ar No HDD picture

HP Proliant DL360 Gen9 28 Core SFF Server 2X E5-2680 V4 16GB RAM P440ar No HDD

$196.95


Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB picture

Dell PowerEdge R720XD Xeon E5-2680 V2 2.8GHz 20 Cores 256GB RAM 12x4TB

$510.00


HP ProLiant DL360 Gen9 Server 2x E5-2699v3 2.3GHz =36 Cores 32GB P440AR 4xRJ45 picture

HP ProLiant DL360 Gen9 Server 2x E5-2699v3 2.3GHz =36 Cores 32GB P440AR 4xRJ45

$309.00


1U Supermicro Server 10 Bay 2x Intel Xeon 3.3Ghz 8C 128GB RAM 480GB SSD 2x 10GBE picture

1U Supermicro Server 10 Bay 2x Intel Xeon 3.3Ghz 8C 128GB RAM 480GB SSD 2x 10GBE

$297.00


Discussions

No Discussions have been posted on this vulnerability.