Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200507-26] GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library Vulnerability Scan
Vulnerability Scan Summary: GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200507-26
(GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library).
GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an
integer overflow.
Impact
A remote attacker could exploit the integer overflow to execute
arbitrary code or cause a Denial of Service.
Workaround
There is no known workaround at this time.
References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1852
http://www.securityfocus.com/archive/1/406026/30/
Solution:
All GNU Gadu users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gnugadu-2.2.6-r1"
All Kadu users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/kadu-0.4.1"
All EKG users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/ekg-1.6_rc3"
All libgadu users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libgadu-20050719"
All CenterICQ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/centericq-4.20.0-r3"
CenterICQ is no longer distributed with Gadu Gadu support;
affected users are encouraged to migrate to an alternative package.
Threat Level: High