CVE-2004-0500
CVSS 7.5
Published: 2004-09-28 00:00:00
Revised: 2010-08-21 00:20:39

[Original] Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.


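[CNNVD] Gaim MSN Protocol Handling Remote Buffer Overflow Vulnerability (CNNVD-200409-078)

        
        Gaim is a multi-protocol instant messaging program.
        Gaim has multiple buffer overflow issues in its handling of the MSN protocol; remote attackers can exploit these vulnerabilities to execute arbitrary commands on the system with the privileges of the Gaim process.
        No detailed vulnerability information is currently available.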
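
The CVE description attributes the overflow to a strncpy call in MSNSLP message handling. The following is an added illustration of that bug class, not Gaim's source and not code from this page: a header-field extractor whose strncpy count is taken from the message, next to a hardened version that bounds every read and write. The function names, the 32-byte buffer and the sample message are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 32 /* assumed fixed-size destination buffer */

enum { FIELD_OK = 0, FIELD_MISSING = -1, FIELD_TOO_LONG = -2 };

/* Constructed sample (not a captured message): an MSNSLP-style header block
 * made of CRLF-terminated "Name: value" lines. */
static const char SAMPLE_OK[] =
    "INVITE MSNMSGR:bob@example.test MSNSLP/1.0\r\n"
    "To: <msnmsgr:bob@example.test>\r\n"
    "CSeq: 0\r\n"
    "Call-ID: {11111111-2222-3333-4444}\r\n";

/* VULNERABLE PATTERN, shown for contrast. The count given to strncpy() is the
 * length of the value found in the message, so it limits nothing: a value
 * longer than FIELD_MAX - 1 bytes is written past the end of out. It also
 * relies on msg being NUL-terminated, which network data need not be. */
int extract_field_unsafe(const char *msg, const char *key, char out[FIELD_MAX])
{
    const char *start = strstr(msg, key);
    if (start == NULL)
        return -1;
    start += strlen(key);
    const char *end = strstr(start, "\r\n");
    if (end == NULL)
        return -1;
    strncpy(out, start, (size_t)(end - start)); /* bound = source length */
    out[end - start] = '\0';
    return 0;
}

/* Bounded substring search: never reads past hay[hay_len - 1]. */
static const char *find_bounded(const char *hay, size_t hay_len,
                                const char *needle)
{
    size_t n = strlen(needle);
    if (n == 0 || hay_len < n)
        return NULL;
    for (size_t i = 0; i + n <= hay_len; i++)
        if (memcmp(hay + i, needle, n) == 0)
            return hay + i;
    return NULL;
}

/* Hardened version: the message carries an explicit length, the copy is
 * bounded by the destination size, and an oversized or unterminated value
 * is rejected instead of being truncated or copied. */
int extract_field_safe(const char *msg, size_t msg_len, const char *key,
                       char *out, size_t out_size)
{
    if (out_size == 0)
        return FIELD_TOO_LONG;
    out[0] = '\0';
    const char *start = find_bounded(msg, msg_len, key);
    if (start == NULL)
        return FIELD_MISSING;
    start += strlen(key);
    size_t remaining = msg_len - (size_t)(start - msg);
    const char *end = find_bounded(start, remaining, "\r\n");
    if (end == NULL)
        return FIELD_MISSING; /* no CRLF: malformed line */
    size_t len = (size_t)(end - start);
    if (len >= out_size)
        return FIELD_TOO_LONG; /* needs len + 1 bytes including the NUL */
    memcpy(out, start, len);
    out[len] = '\0';
    return FIELD_OK;
}

/* Builds a constructed "Call-ID" line whose value is value_len zero digits.
 * Returns the number of bytes written (excluding the NUL), or 0 on error. */
size_t build_field(char *buf, size_t cap, int value_len)
{
    int n = snprintf(buf, cap, "Call-ID: %0*d\r\n", value_len, 0);
    return (n > 0 && (size_t)n < cap) ? (size_t)n : 0;
}

int main(void)
{
    char field[FIELD_MAX], big[128];
    size_t n = build_field(big, sizeof big, 64); /* twice FIELD_MAX */

    /* On benign input both versions agree, which is how the bug survives. */
    extract_field_unsafe(SAMPLE_OK, "Call-ID: ", field);
    printf("unsafe, benign:  %s\n", field);
    printf("safe, benign:    %d\n",
           extract_field_safe(SAMPLE_OK, sizeof SAMPLE_OK - 1, "Call-ID: ",
                              field, sizeof field));
    /* The oversized value is only ever passed to the hardened version. */
    printf("safe, oversized: %d\n",
           extract_field_safe(big, n, "Call-ID: ", field, sizeof field));
    return 0;
}
```

The hardened function rejects an oversized value rather than truncating it, so a caller can drop the malformed message instead of acting on a shortened identifier.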
        

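- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CPE (affected platforms and products)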

cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64
cpe:/a:rob_flynn:gaim:0.51
cpe:/a:rob_flynn:gaim:0.65
cpe:/a:rob_flynn:gaim:0.63
cpe:/a:rob_flynn:gaim:0.56
cpe:/a:rob_flynn:gaim:0.69
cpe:/a:rob_flynn:gaim:0.54
cpe:/a:rob_flynn:gaim:0.10.3
cpe:/a:rob_flynn:gaim:0.60
cpe:/a:rob_flynn:gaim:0.10
cpe:/a:rob_flynn:gaim:0.74
cpe:/a:rob_flynn:gaim:0.71
cpe:/a:rob_flynn:gaim:0.58
cpe:/a:rob_flynn:gaim:0.62
cpe:/a:rob_flynn:gaim:0.55
cpe:/a:rob_flynn:gaim:0.75
cpe:/a:rob_flynn:gaim:0.57
cpe:/a:rob_flynn:gaim:0.73
cpe:/a:rob_flynn:gaim:0.53
cpe:/a:rob_flynn:gaim:0.61
cpe:/a:rob_flynn:gaim:0.72
cpe:/a:rob_flynn:gaim:0.50
cpe:/a:rob_flynn:gaim:0.67
cpe:/a:rob_flynn:gaim:0.64
cpe:/o:mandrakesoft:mandrake_linux:9.2::amd64
cpe:/a:rob_flynn:gaim:0.59.1
cpe:/o:mandrakesoft:mandrake_linux:9.2  MandrakeSoft Mandrake Linux 9.2
cpe:/a:rob_flynn:gaim:0.70
cpe:/o:mandrakesoft:mandrake_linux:10.0  MandrakeSoft Mandrake Linux 10.0
cpe:/a:rob_flynn:gaim:0.59
cpe:/o:gentoo:linux:1.4  Gentoo Linux 1.4
cpe:/a:rob_flynn:gaim:0.68
cpe:/a:rob_flynn:gaim:0.66
cpe:/a:rob_flynn:gaim:0.52

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9429  Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of ser...
*OVAL describes in detail how to detect this vulnerability; more technical detection details can be found in the associated OVAL definition.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0500
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0500
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200409-078
(official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/16920
(VENDOR_ADVISORY)  XF  gaim-msn-bo(16920)
http://www.securityfocus.com/bid/10865
(VENDOR_ADVISORY)  BID  10865
http://www.gentoo.org/security/en/glsa/glsa-200408-12.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200408-12
http://www.redhat.com/support/errata/RHSA-2004-400.html
(UNKNOWN)  REDHAT  RHSA-2004:400
http://www.novell.com/linux/security/advisories/2004_25_gaim.html
(UNKNOWN)  SUSE  SUSE-SA:2004:025
http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:081
(UNKNOWN)  MANDRAKE  MDKSA-2004:081
http://www.gentoo.org/security/en/glsa/glsa-200408-27.xml
(UNKNOWN)  GENTOO  GLSA-200408-27
http://www.fedoranews.org/updates/FEDORA-2004-279.shtml
(UNKNOWN)  FEDORA  FEDORA-2004-279
http://www.fedoranews.org/updates/FEDORA-2004-278.shtml
(UNKNOWN)  FEDORA  FEDORA-2004-278
http://gaim.sourceforge.net/security/?id=0
(UNKNOWN)  CONFIRM  http://gaim.sourceforge.net/security/?id=0

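- Vulnerability information

Gaim MSN Protocol Handling Remote Buffer Overflow Vulnerability
High risk  Boundary condition error
2004-09-28 00:00:00 2005-10-20 00:00:00
Remote
        
        Gaim is a multi-protocol instant messaging program.
        Gaim has multiple buffer overflow issues in its handling of the MSN protocol; remote attackers can exploit these vulnerabilities to execute arbitrary commands on the system with the privileges of the Gaim process.
        No detailed vulnerability information is currently available.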
        

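- Advisories and patches

        Vendor patch:
        Rob Flynn
        ---------
        The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's home page for the latest version: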
        
        http://gaim.sourceforge.net/

- Vulnerability information (F34673)

Fedora Legacy Update Advisory 1237 (PacketStormID:F34673)
2004-10-16 00:00:00
The Fedora Legacy project  gaim.sourceforge.net
advisory,overflow,protocol
linux,fedora
CVE-2004-0006,CVE-2004-0007,CVE-2004-0008,CVE-2004-0500,CVE-2004-0754,CVE-2004-0784,CVE-2004-0785

Fedora Legacy Update Advisory - FLSA:1237. Updated gaim package resolves security issues. Corrects multiple buffer overflows in Gaim 0.75 and earlier, including Yahoo cookie buffer overflows, YMSG protocol overflows, and flaws in URL and proxy handling.

-----------------------------------------------------------------------
               Fedora Legacy Update Advisory

Synopsis:          Updated gaim package resolves security issues
Advisory ID:       FLSA:1237
Issue date:        2004-10-16
Product:           Red Hat Linux
Keywords:          Bugfix
Cross references:  https://bugzilla.fedora.us/show_bug.cgi?id=1237
CVE Names:         CAN-2004-0006 CAN-2004-0007 CAN-2004-0008
                   CAN-2004-0500 CAN-2004-0754 CAN-2004-0784
                   CAN-2004-0785
-----------------------------------------------------------------------


-----------------------------------------------------------------------
1. Topic:

An updated gaim package that fixes several security issues is now
available.

2. Relevant releases/architectures:

Red Hat Linux 7.3 - i386
Red Hat Linux 9 - i386

3. Problem description:

Issues fixed with this gaim release include:

Multiple buffer overflows that affect versions of Gaim 0.75 and earlier.
1) When parsing cookies in a Yahoo web connection, 2) YMSG protocol
overflows parsing the Yahoo login webpage, 3) a YMSG packet overflow, 4)
flaws in the URL parser, and 5) flaws in HTTP Proxy connect. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0006 to these issues.

A buffer overflow in Gaim 0.74 and earlier in the Extract Info Field
Function used for MSN and YMSG protocol handlers. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0007 to this issue.

An integer overflow in Gaim 0.74 and earlier, when allocating memory for
a directIM packet results in heap overflow. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0008 to this issue.

Buffer overflow bugs were found in the Gaim MSN protocol handler. In
order to exploit these bugs, an attacker would have to perform a man in
the middle attack between the MSN server and the vulnerable Gaim client.
Such an attack could allow arbitrary code execution. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0500 to this issue.

An integer overflow bug has been found in the Gaim Groupware message
receiver. It is possible that if a user connects to a malicious server,
an attacker could send carefully crafted data which could lead to
arbitrary code execution on the victim's machine. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0754 to this issue.

A shell escape bug has been found in the Gaim smiley theme file
installation. When a user installs a smiley theme, which is contained
within a tar file, the unarchiving of the data is done in an unsafe
manner. An attacker could create a malicious smiley theme that would
execute arbitrary commands if the theme was installed by the victim. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0784 to this issue.

Buffer overflow bugs have been found in the Gaim URL decoder, local
hostname resolver, and the RTF message parser. It is possible that a
remote attacker could send carefully crafted data to a vulnerable client
and lead to a crash or arbitrary code execution. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CAN-2004-0785 to this issue.

Users of Gaim are advised to upgrade to this updated package which
contains Gaim version 0.82.1 and is not vulnerable to these issues.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade.  Only those
RPMs which are currently installed will be updated.  Those RPMs which
are not installed but included in the list will not be updated.  Note
that you can also use wildcards (*.rpm) if your current directory *only*
contains the desired RPMs.

Please note that this update is also available via yum and apt.  Many
people find this an easier way to apply updates.  To use yum issue:

yum update

or to use apt:

apt-get update; apt-get upgrade

This will start an interactive process that will result in the
appropriate RPMs being upgraded on your system.  This assumes that you
have yum or apt-get configured for obtaining Fedora Legacy content.
Please visit http://www.fedoralegacy.org/docs for directions on how to
configure yum and apt-get.

5. Bug IDs fixed:

http://bugzilla.fedora.us - bug #1237

6. RPMs required:

Red Hat Linux 7.3:

SRPM:
http://download.fedoralegacy.org/redhat/7.3/updates/SRPMS/gaim-0.82.1-0.73.2.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/7.3/updates/i386/gaim-0.82.1-0.73.2.legacy.i386.rpm

Red Hat Linux 9:

SRPM:
http://download.fedoralegacy.org/redhat/9/updates/SRPMS/gaim-0.82.1-0.90.3.legacy.src.rpm

i386:
http://download.fedoralegacy.org/redhat/9/updates/i386/gaim-0.82.1-0.90.3.legacy.i386.rpm

7. Verification:

SHA1 sum                                 Package Name
---------------------------------------------------------------------------

cda084b78e263bb725ad92fdef0fc4b329b705d5 7.3/updates/i386/gaim-0.82.1-0.73.2.legacy.i386.rpm
e28d0c278324c7a508af7a30565cc5741b7ec4f0 7.3/updates/SRPMS/gaim-0.82.1-0.73.2.legacy.src.rpm
958a8c9d2077ae068af20c282e69e64ec8f1a4e7 9/updates/i386/gaim-0.82.1-0.90.3.legacy.i386.rpm
211c4e944d0b1178e53f0f1dd8bd303eeee1a6cf 9/updates/SRPMS/gaim-0.82.1-0.90.3.legacy.src.rpm

These packages are GPG signed by Fedora Legacy for security.  Our key is
available from http://www.fedoralegacy.org/about/security.php

You can verify each package with the following command:

    rpm --checksig -v <filename>

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the sha1sum with the following command:

    sha1sum <filename>

8. References:

http://security.e-matters.de/advisories/012004.html
http://gaim.sourceforge.net/security/index.php?id=0
http://gaim.sourceforge.net/security/index.php?id=1
http://gaim.sourceforge.net/security/index.php?id=2
http://gaim.sourceforge.net/security/index.php?id=3
http://gaim.sourceforge.net/security/index.php?id=4
http://gaim.sourceforge.net/security/index.php?id=5
http://gaim.sourceforge.net/security/index.php?id=6
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0006
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0007
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0008
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0500
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0754
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0784
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0785


9. Contact:

The Fedora Legacy security contact is <secnotice@fedoralegacy.org>. More
project details at http://www.fedoralegacy.org

---------------------------------------------------------------------




    

- Vulnerability information (F34039)

SUSE Security Announcement 2004.25 (PacketStormID:F34039)
2004-08-13 00:00:00
Sebastian Krahmer,Novell  suse.com
advisory,remote,overflow,arbitrary,protocol
linux,suse
CVE-2004-0500

SUSE Security Announcement - The SuSE Security Team has discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code of gaim. Remote attackers can execute arbitrary code as the user running the gaim client.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=utf-8" />
<title>SUSE Security Announcement 2004.25 ≈ Packet Storm</title>
<meta name="description" content="Information Security Services, News, Files, Tools, Exploits, Advisories and Whitepapers" />
<meta name="keywords" content="security,exploit,advisory,whitepaper,xss,csrf,overflow,scanner,vulnerability" />
<link rel="shortcut icon" href="/img/pss.ico" />
<link rel="stylesheet" media="screen,print,handheld" href="http://packetstatic.com/css1366870159/pss.css" type="text/css" />
<!--[if lt ie 8]><link rel="stylesheet" type="text/css" href="http://packetstatic.com/css1366870159/ie.css" /><![endif]-->
<script type="text/javascript" src="http://packetstatic.com/js1366870155/pt.js"></script>
<script type="text/javascript" src="http://packetstatic.com/js1366870155/pss.js"></script>
<link rel="search" type="application/opensearchdescription+xml" href="http://packetstormsecurity.com/opensearch.xml" title="Packet Storm Site Search" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Headlines" href="http://rss.packetstormsecurity.com/news/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Recent Files" href="http://rss.packetstormsecurity.com/files/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Exploits" href="http://rss.packetstormsecurity.com/files/tags/exploit/" />
<link rel="alternate" type="application/rss+xml" title="Packet Storm Advisories" href="http://rss.packetstormsecurity.com/files/tags/advisory/" />
</head>
<body id="files">
<div id="t">
   <div id="tc">
      <a id="top" href="/"><img src="http://packetstatic.com/img1353978071/ps_logo.png" width="315" height="65" id="logo" alt="packet storm" /></a>
      <div id="slogan">seeing is believing
</div>
      <div id="account"><a href="https://packetstormsecurity.com/account/register/">Register</a> | <a href="https://packetstormsecurity.com/account/login/">Login</a></div>
      <div id="search">
        <form method="get" action="/search/"><input type="text" name="q" id="q" maxlength="120" value="Search …" /><button type="submit"></button><div id="q-tabs"><label for="s-files" class="on">Files</label><label for="s-news">News</label><label for="s-users">Users</label><label for="s-authors">Authors</label><input type="radio" value="files" name="s" id="s-files" /><input type="radio" value="news" name="s" id="s-news" /><input type="radio" value="users" name="s" id="s-users" /><input type="radio" value="authors" name="s" id="s-authors" /></div></form>
      </div>
   </div>
    <div id="tn"><div id="tnc">
        <a href="/" id="tn-home"><span>Home</span></a> <a href="/files/" id="tn-files"><span>Files</span></a> <a href="/news/" id="tn-news"><span>News</span></a> <a href="/about/" id="tn-about"><span>About</span></a> <a href="/contact/" id="tn-contact"><span>Contact</span></a> <a href="/submit/" id="tn-submit"><span>Add New</span></a>
    </div></div>
    <div id="tn2"></div>
</div>

<div id="c">

 <div id="cc">
     <div id="m">
    

    
    
    
     
    <div class="h1"><h1>SUSE Security Announcement 2004.25</h1></div>
<dl id="F34039" class="file first">
<dt><a class="ico text-plain" href="/files/download/34039/SUSE-SA%3A2004%3A025.txt" title="Size: 13.5 KB"><strong>SUSE Security Announcement 2004.25</strong></a></dt>
<dd class="datetime">Posted <a href="/files/date/2004-08-13/" title="14:07:01 UTC">Aug 13, 2004</a></dd>
<dd class="refer">Authored by <a href="/files/author/1520/" class="person">Sebastian Krahmer</a>, <a href="/files/author/3499/" class="company">Novell</a> | Site <a href="http://www.suse.com/">suse.com</a></dd>
<dd class="detail"><p>SUSE Security Announcement - The SuSE Security Team has discovered various remotely exploitable buffer overflows in the MSN-protocol parsing functions during a code review of the MSN protocol handling code of gaim. Remote attackers can execute arbitrary code as the user running the gaim client.</p></dd>
<dd class="tags"><span>tags</span> | <a href="/files/tags/advisory">advisory</a>, <a href="/files/tags/remote">remote</a>, <a href="/files/tags/overflow">overflow</a>, <a href="/files/tags/arbitrary">arbitrary</a>, <a href="/files/tags/protocol">protocol</a></dd>
<dd class="os"><span>systems</span> | <a href="/files/os/linux">linux</a>, <a href="/files/os/suse">suse</a></dd>
<dd class="cve"><span>advisories</span> | <a href="/files/cve/CVE-2004-0500">CVE-2004-0500</a></dd>
<dd class="md5"><span>MD5</span> | <code>bbe94b5a9984bcb0a5b0bbe005022c95</code></dd>
<dd class="act-links"><a href="/files/download/34039/SUSE-SA%3A2004%3A025.txt" title="Size: 13.5 KB" rel="nofollow">Download</a> | <a href="/files/favorite/34039/" class="fav" rel="nofollow">Favorite</a> | <a href="/files/34039/SUSE-Security-Announcement-2004.25.html">Comments <span>(0)</span></a></dd>
</dl>
<div id="extra-links"><a href="/files/related/34039/SUSE-Security-Announcement-2004.25.html" id="related">Related Files</a><div id="share">
<h2>Share This</h2>
<ul>
<li><iframe scrolling="no" frameborder="0" allowtransparency="true" style="border: medium none; overflow: hidden; width: 80px; height: 21px;" src="http://www.facebook.com/plugins/like.php?href=http://packetstormsecurity.com/files/34039/SUSE-Security-Announcement-2004.25.html&layout=button_count&show_faces=true&width=250&action=like&font&colorscheme=light&height=21"></iframe></li><li><iframe scrolling="no" frameborder="0" tabindex="0" allowtransparency="true" src="http://platform0.twitter.com/widgets/tweet_button.html?_=1286138321418&count=horizontal&lang=en&text=SUSE%20Security%20Announcement%202004.25&url=http://packetstormsecurity.com/files/34039/SUSE-Security-Announcement-2004.25.html&via=packet_storm" style="width: 110px; height: 20px;" title="Twitter"></iframe></li><li><a href="http://www.linkedin.com/shareArticle?mini=true&url=http://packetstormsecurity.com/files/34039/SUSE-Security-Announcement-2004.25.html&title=SUSE%20Security%20Announcement%202004.25&source=Packet+Storm" class="LinkedIn">LinkedIn</a></li><li><a href="http://www.reddit.com/submit?url=http://packetstormsecurity.com/files/34039/SUSE-Security-Announcement-2004.25.html&title=SUSE%20Security%20Announcement%202004.25" class="Reddit">Reddit</a></li><li><a href="http://digg.com/submit?phase=2&url=http://packetstormsecurity.com/files/34039/SUSE-Security-Announcement-2004.25.html" class="Digg">Digg</a></li><li><a href="http://www.stumbleupon.com/submit?url=http://packetstormsecurity.com/files/34039/SUSE-Security-Announcement-2004.25.html&title=SUSE%20Security%20Announcement%202004.25" class="StumbleUpon">StumbleUpon</a></li></ul>
</div>
</div>
<div class="h1"><h1>SUSE Security Announcement 2004.25</h1></div>
<div class="src">
<div><a href="/mirrors/">Change Mirror</a> <a href="/files/download/34039/SUSE-SA%3A2004%3A025.txt">Download</a></div>
<pre><code>-----BEGIN PGP SIGNED MESSAGE-----<br /><br />______________________________________________________________________________<br /><br />                        SUSE Security Announcement<br /><br />        Package:                gaim<br />        Announcement-ID:        SUSE-SA:2004:025<br />        Date:                   Thursday, Aug 12th 2004 12:00 MEST<br />        Affected products:      9.1<br />        Vulnerability Type:     remote code execution<br />        Severity (1-10):        6<br />        SUSE default package:   No<br />        Cross References:       CAN-2004-0500<br /><br />    Content of this advisory:<br />        1) security vulnerability resolved:<br />             - buffer overflow in gaim<br />           problem description<br />        2) solution/workaround<br />        3) special instructions and notes<br />        4) package location and checksums<br />        5) pending vulnerabilities, solutions, workarounds:<br />            - KDE<br />            - mozilla/firefox<br />            - ethereal<br />            - arts<br />        6) standard appendix (further information)<br /><br />______________________________________________________________________________<br /><br />1) problem description, brief discussion<br /><br />   Gaim is an instant messaging client which supports a wide range of<br />   protocols.<br /><br />   Sebastian Krahmer of the SuSE Security Team discovered various remotely<br />   exploitable buffer overflows in the MSN-protocol parsing functions during<br />   a code review of the MSN protocol handling code.<br /><br />   Remote attackers can execute arbitrary code as the user running the gaim<br />   client.<br /><br />   The vulnerable code exists in SUSE Linux 9.1 only.<br /><br /><br />2) solution/workaround<br /><br />    There is no known workaround.<br /><br /><br />3) special instructions and notes<br /><br />    Before applying the update, all instances of the gaim client should be<br />    
closed.<br /><br /><br />4) package location and checksums<br /><br />    Please download the update package for your distribution and verify its<br />    integrity by the methods listed in section 3) of this announcement.<br />    Then, install the package using the command "rpm -Fhv file.rpm" to apply<br />    the update.<br />    Our maintenance customers are being notified individually. The packages<br />    are being offered to install from the maintenance web.<br /><br /><br />    x86 Platform:<br /><br />    SUSE Linux 9.1:<br />    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gaim-0.75-79.2.i586.rpm<br />      860321d82ba69b52420f20a79d85e1cf<br />    patch rpm(s):<br />    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/gaim-0.75-79.2.i586.patch.rpm<br />      4f1fc5407a2edf9483103cf1e4c9667b<br />    source rpm(s):<br />    ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/gaim-0.75-79.2.src.rpm<br />      3944443b7a6739d24737eca93cc48e98<br /><br /><br /><br />    x86-64 Platform:<br /><br />    SUSE Linux 9.1:<br />    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gaim-0.75-79.2.x86_64.rpm<br />      d6cf6e00d46bf3098f4b3a384e14b27f<br />    patch rpm(s):<br />    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/gaim-0.75-79.2.x86_64.patch.rpm<br />      35aa894e1a3f51fa4e210d0d01bfdd17<br />    source rpm(s):<br />    ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/gaim-0.75-79.2.src.rpm<br />      02e49732c72aec9d928a01491bca68fd<br /><br /><br />______________________________________________________________________________<br /><br />5)  Pending vulnerabilities in SUSE Distributions and Workarounds:<br /><br />    - KDE<br />    The KDE libs package contained two occureneces of insecure handling<br />    of temporary files in the mcoputils code (Thanks to Andrew Tuitt for<br />    reporting this to us) and in the dcopserver code.<br />    These two bugs can be exploited locally to remove and/or overwrite 
files<br />    with the privileges of the user running a vulnerable KDE application.<br />    A bug in the kdebase3 package allows the content of unrelated browser<br />    windows to be modified.<br />    This issue may be used to trick users into entering sensitive<br />    informations on a malicious web-site.<br />    New packages will be available soon.<br /><br />    - mozilla/firefox<br />    We are currently testing new mozilla/firefox packages that include<br />    several fixes for security-related bugs.<br />    New packages will be available soon.<br /><br />    - ethereal<br />    It may be possible to make Ethereal crash or run arbitrary code by<br />    injecting a malformed packet or by convincing someone to read a<br />    malformed packet trace file. (CAN-2004-0633, CAN-2004-0634, CAN-2004-0635)<br />    New packages are available at our FTP servers.<br /><br />    - arts<br />    This update removes an inconsistency in the comparsion of credentials<br />    while creating temporary files. This flaw can be exploited locally in<br />    conjunction with setuid Arts applications. (very unlikely)<br /><br />______________________________________________________________________________<br /><br />6)  standard appendix: authenticity verification, additional information<br /><br />  - Package authenticity verification:<br /><br />    SUSE update packages are available on many mirror ftp servers all over<br />    the world. While this service is being considered valuable and important<br />    to the free and open source software community, many users wish to be<br />    sure about the origin of the package and its content before installing<br />    the package. 
There are two verification methods that can be used<br />    independently from each other to prove the authenticity of a downloaded<br />    file or rpm package:<br />    1) md5sums as provided in the (cryptographically signed) announcement.<br />    2) using the internal gpg signatures of the rpm package.<br /><br />    1) execute the command<br />        md5sum <name-of-the-file.rpm><br />       after you downloaded the file from a SUSE ftp server or its mirrors.<br />       Then, compare the resulting md5sum with the one that is listed in the<br />       announcement. Since the announcement containing the checksums is<br />       cryptographically signed (usually using the key security@suse.de),<br />       the checksums show proof of the authenticity of the package.<br />       We disrecommend to subscribe to security lists which cause the<br />       email message containing the announcement to be modified so that<br />       the signature does not match after transport through the mailing<br />       list software.<br />       Downsides: You must be able to verify the authenticity of the<br />       announcement in the first place. If RPM packages are being rebuilt<br />       and a new version of a package is published on the ftp server, all<br />       md5 sums for the files are useless.<br /><br />    2) rpm package signatures provide an easy way to verify the authenticity<br />       of an rpm package. Use the command<br />        rpm -v --checksig <file.rpm><br />       to verify the signature of the package, where <file.rpm> is the<br />       filename of the rpm package that you have downloaded. Of course,<br />       package authenticity verification can only target an un-installed rpm<br />       package file.<br />       Prerequisites:<br />        a) gpg is installed<br />        b) The package is signed using a certain key. 
The public part of this<br />           key must be installed by the gpg program in the directory<br />           ~/.gnupg/ under the user's home directory who performs the<br />           signature verification (usually root). You can import the key<br />           that is used by SUSE in rpm packages for SUSE Linux by saving<br />           this announcement to a file ("announcement.txt") and<br />           running the command (do "su -" to be root):<br />            gpg --batch; gpg < announcement.txt | gpg --import<br />           SUSE Linux distributions version 7.1 and thereafter install the<br />           key "build@suse.de" upon installation or upgrade, provided that<br />           the package gpg is installed. The file containing the public key<br />           is placed at the top-level directory of the first CD (pubring.gpg)<br />           and at ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de .<br /><br /><br />  - SUSE runs two security mailing lists to which any interested party may<br />    subscribe:<br /><br />    suse-security@suse.com<br />        -   general/linux/SUSE security discussion.<br />            All SUSE security announcements are sent to this list.<br />            To subscribe, send an email to<br />                <suse-security-subscribe@suse.com>.<br /><br />    suse-security-announce@suse.com<br />        -   SUSE's announce-only mailing list.<br />            Only SUSE's security announcements are sent to this list.<br />            To subscribe, send an email to<br />                <suse-security-announce-subscribe@suse.com>.<br /><br />    For general information or the frequently asked questions (faq)<br />    send mail to:<br />        <suse-security-info@suse.com> or<br />        <suse-security-faq@suse.com> respectively.<br /><br />    =====================================================================<br />    SUSE's security contact is <security@suse.com> or <security@suse.de>.<br />    The 
<security@suse.de> public key is listed below.<br />    =====================================================================<br />______________________________________________________________________________<br /><br />    The information in this advisory may be distributed or reproduced,<br />    provided that the advisory is not modified in any way. In particular,<br />    it is desired that the clear-text signature shows proof of the<br />    authenticity of the text.<br />    SUSE Linux AG makes no warranties of any kind whatsoever with respect<br />    to the information contained in this security advisory.<br /><br />Type Bits/KeyID    Date       User ID<br />pub  2048R/3D25D3D9 1999-03-06 SuSE Security Team <security@suse.de><br />pub  1024D/9C800ACA 2000-10-19 SuSE Package Signing Key <build@suse.de><br /></code></pre>
</div>
    
    
     </div>
    

  </div>

</div>

</body>
</html>
    

- Vulnerability Information

8382
Gaim msn_slp_sip_recv() Function Overflow
Local Access Required Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

A local overflow exists in gaim. The msn_slp_sip_recv() function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- Timeline

2004-08-05 Unknown
Unknown Unknown

- Solution

Upgrade to version 0.82 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the patch Gaim has released to address this vulnerability.

- References

- Vulnerability Author

- Vulnerability Information

Gaim Multiple MSN Protocol Buffer Overflow Vulnerabilities
Boundary Condition Error 10865
Yes No
2004-08-04 12:00:00 2009-07-12 06:16:00
These vulnerabilities were discovered by the SuSE Security Team. Additional information provided by <infamous41md@hotpop.com>.

- Affected Versions

Rob Flynn Gaim 0.75
Rob Flynn Gaim 0.74
Rob Flynn Gaim 0.73
Rob Flynn Gaim 0.72
Rob Flynn Gaim 0.71
+ Red Hat Fedora Core1
Rob Flynn Gaim 0.70
Rob Flynn Gaim 0.69
Rob Flynn Gaim 0.68
Rob Flynn Gaim 0.67
+ S.u.S.E. Linux Personal 9.0
Rob Flynn Gaim 0.66
Rob Flynn Gaim 0.65
Rob Flynn Gaim 0.64
Rob Flynn Gaim 0.63
Rob Flynn Gaim 0.62
Rob Flynn Gaim 0.61
Rob Flynn Gaim 0.60
Rob Flynn Gaim 0.59.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Rob Flynn Gaim 0.59
+ Gentoo Linux 0.7
+ Gentoo Linux 0.5
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 8.2
+ Sun Linux 5.0
Rob Flynn Gaim 0.58
+ Debian Linux 3.0
Rob Flynn Gaim 0.57
Rob Flynn Gaim 0.56
Rob Flynn Gaim 0.55
Rob Flynn Gaim 0.54
Rob Flynn Gaim 0.53
Rob Flynn Gaim 0.52
Rob Flynn Gaim 0.51
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
Rob Flynn Gaim 0.50
+ S.u.S.E. Linux 8.0
Rob Flynn Gaim 0.10.3
Rob Flynn Gaim 0.10 x
RedHat Linux 9.0 i386
RedHat Linux 7.3 i386
RedHat Linux 7.3
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
Mandriva Linux Mandrake 9.2 amd64
Mandriva Linux Mandrake 9.2
Gentoo Linux 1.4
Rob Flynn Gaim 0.82
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3

- Unaffected Versions

Rob Flynn Gaim 0.82
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3

- Discussion

It is reported that there are multiple buffer overflow vulnerabilities in the MSN protocol module in Gaim.

It is reported that several stack-based and heap-based buffer overflow vulnerabilities exist. These issues may result in buffer overflow vulnerabilities with the possibility of remote code execution in the context of the user executing the application. Denial of service vulnerabilities are also likely to exist.

This BID will be updated as further information becomes available.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

SUSE has released a security advisory (SUSE-SA:2004:025) to address this issue. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200408-12 to address this issue. Please see the referenced advisory for further information. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge sync
emerge -pv ">=net-im/gaim-0.81-r1"
emerge ">=net-im/gaim-0.81-r1"

Mandrake Linux has released advisory MDKSA-2004:081 along with fixes addressing this issue. Please see the referenced advisory for further information.

OpenBSD has included a patch to fix Gaim in the ports tree of OpenBSD-current as of 13 Aug 2004. This fix has not been ported to 3.4 or 3.5 at the time of this update.

Slackware has released advisory SSA:2004-239-01 dealing with this and other issues. Please see the referenced advisory for more information.

Fedora Legacy has released advisory FLSA-2004:1237 along with fixes for RedHat Linux dealing with this and other issues. Please see the referenced advisory for more information.

The vendor has released Gaim 0.82 to address these issues.

Conectiva has released an advisory (CLA-2004:884) to address these and other various issues in gaim. Please see the referenced advisory for more information.



- References

 

 
