Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2005:086: gaim Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the gaim package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2005:086 (gaim).
More vulnerabilities have been found in the gaim instant messaging client. A
stack-based buffer overflow bug was found in how gaim processes a message
containing a URL
a remote attacker could send a carefully crafted message to
cause the execution of arbitrary code on the user's machine (CVE-2005-1261).
Another bug was found in how gaim handles malformed MSN messages
a possible hacker
could send a carefully crafted MSN message that would cause gaim to crash
Gaim version 1.3.0 fixes these issues and is provided with this update.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2005:086
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.