CVE-2005-1269
CVSS 5.0
Published: 2005-06-16 00:00:00
Revised: 2010-08-21 00:28:22

[Original] Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.


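[CNNVD] Gaim Yahoo! protocol handling module file download denial-of-service vulnerability (CNNVD-200506-159)

        Gaim is an instant messaging client for Linux that supports multiple protocols at once, including AIM, ICQ, MSN, IRC and Jabber. Gaim has a denial-of-service vulnerability when downloading files over the Yahoo! protocol; a remote attacker can exploit it to cause the affected client to fail.
        The vulnerability is triggered when the client attempts to download a file whose name contains non-ASCII characters.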

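- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: NONE [no impact on system integrity]
Availability impact: PARTIAL [may degrade performance or interrupt access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]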

- CPE (affected platforms and products)

cpe:/a:rob_flynn:gaim:0.63
cpe:/a:rob_flynn:gaim:1.2.1
cpe:/a:rob_flynn:gaim:0.56
cpe:/a:rob_flynn:gaim:0.54
cpe:/a:rob_flynn:gaim:0.60
cpe:/a:rob_flynn:gaim:0.79
cpe:/a:rob_flynn:gaim:0.10
cpe:/a:rob_flynn:gaim:1.0
cpe:/a:rob_flynn:gaim:0.71
cpe:/a:rob_flynn:gaim:1.2.0
cpe:/a:rob_flynn:gaim:1.1.4
cpe:/a:rob_flynn:gaim:0.81
cpe:/a:rob_flynn:gaim:0.73
cpe:/a:rob_flynn:gaim:0.77
cpe:/a:rob_flynn:gaim:0.72
cpe:/a:rob_flynn:gaim:0.50
cpe:/a:rob_flynn:gaim:0.59.1
cpe:/a:rob_flynn:gaim:0.70
cpe:/a:rob_flynn:gaim:0.80
cpe:/a:rob_flynn:gaim:0.59
cpe:/a:rob_flynn:gaim:0.82.1
cpe:/a:rob_flynn:gaim:1.0.3
cpe:/a:rob_flynn:gaim:0.51
cpe:/a:rob_flynn:gaim:0.65
cpe:/a:rob_flynn:gaim:1.3.0
cpe:/a:rob_flynn:gaim:0.69
cpe:/a:rob_flynn:gaim:0.10.3
cpe:/a:rob_flynn:gaim:1.1.0
cpe:/a:rob_flynn:gaim:0.74
cpe:/a:rob_flynn:gaim:1.0.0
cpe:/a:rob_flynn:gaim:0.58
cpe:/a:rob_flynn:gaim:1.1.2
cpe:/a:rob_flynn:gaim:0.62
cpe:/a:rob_flynn:gaim:0.82
cpe:/a:rob_flynn:gaim:1.0.2
cpe:/a:rob_flynn:gaim:0.78
cpe:/a:rob_flynn:gaim:0.55
cpe:/a:rob_flynn:gaim:0.57
cpe:/a:rob_flynn:gaim:0.75
cpe:/a:rob_flynn:gaim:1.0.1
cpe:/a:rob_flynn:gaim:0.53
cpe:/a:rob_flynn:gaim:0.61
cpe:/a:rob_flynn:gaim:0.67
cpe:/a:rob_flynn:gaim:0.64
cpe:/a:rob_flynn:gaim:0.76
cpe:/a:rob_flynn:gaim:1.1.3
cpe:/a:rob_flynn:gaim:1.1.1
cpe:/a:rob_flynn:gaim:0.68
cpe:/a:rob_flynn:gaim:0.66
cpe:/a:rob_flynn:gaim:0.52

- OVAL (technical details for detection)

oval:org.mitre.oval:def:9544 Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in...
oval:org.mitre.oval:def:744 Gaim DoS via Yahoo! Message
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definitions.

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1269
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1269
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200506-159
(Official data source) CNNVD

- Other links and resources

http://www.ubuntulinux.org/support/documentation/usn/usn-139-1
(UNKNOWN)  UBUNTU  USN-139-1
http://www.securityfocus.com/bid/13931
(UNKNOWN)  BID  13931
http://security.gentoo.org/glsa/glsa-200506-11.xml
(UNKNOWN)  GENTOO  GLSA-200506-11
http://gaim.sourceforge.net/security/?id=18
(UNKNOWN)  CONFIRM  http://gaim.sourceforge.net/security/?id=18
http://www.securityfocus.com/archive/1/archive/1/426078/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:158543
http://www.redhat.com/support/errata/RHSA-2005-518.html
(UNKNOWN)  REDHAT  RHSA-2005:518
http://www.novell.com/linux/security/advisories/2005_36_sudo.html
(UNKNOWN)  SUSE  SUSE-SA:2005:036
http://www.mandriva.com/security/advisories?name=MDKSA-2005:099
(UNKNOWN)  MANDRAKE  MDKSA-2005:099
http://www.debian.org/security/2005/dsa-734
(UNKNOWN)  DEBIAN  DSA-734

- Vulnerability information

Gaim Yahoo! protocol handling module file download denial-of-service vulnerability
Medium severity  Other
2005-06-16 00:00:00 2005-10-20 00:00:00
Remote

- Advisories and patches

        The vendor has released an upgrade that fixes this security issue. Download link:
        http://gaim.sourceforge.net/downloads.php

- Vulnerability information (F38499)

Debian Linux Security Advisory 734-1 (PacketStormID:F38499)
2005-07-07 00:00:00
Debian  security.debian.org
advisory,denial of service,protocol
linux,debian
CVE-2005-1269,CVE-2005-1934

Debian Security Advisory DSA 734-1 - Two denial of service problems have been discovered in Gaim, a multi-protocol instant messaging client.

- --------------------------------------------------------------------------
Debian Security Advisory DSA 734-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
July 5th, 2005                          http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gaim
Vulnerability  : denial of service
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2005-1269 CAN-2005-1934

Two denial of service problems have been discovered in Gaim, a
multi-protocol instant messaging client.  The Common Vulnerabilities
and Exposures project identifies the following problems:

CAN-2005-1269

    A malformed Yahoo filename can result in a crash of the application.

CAN-2005-1934

    A malformed MSN message can lead to incorrect memory allocation
    resulting in a crash of the application.

The old stable distribution (woody) does not seem to be affected.

For the stable distribution (sarge) these problems have been fixed in
version 1.2.1-1.3.

For the unstable distribution (sid) these problems have been fixed in
version 1.3.1-1.

We recommend that you upgrade your gaim package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>


    

- Vulnerability information (F38153)

Gentoo Linux Security Advisory 200506-11 (PacketStormID:F38153)
2005-06-21 00:00:00
Gentoo  security.gentoo.org
advisory
linux,gentoo
CVE-2005-1269,CVE-2005-1934

Gentoo Linux Security Advisory GLSA 200506-11 - Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer code when being offered files with names containing non-ASCII characters (CVE-2005-1269). Versions less than 1.3.1 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200506-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Gaim: Denial of Service vulnerabilities
      Date: June 12, 2005
      Bugs: #95347
        ID: 200506-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Gaim contains two remote Denial of Service vulnerabilities.

Background
==========

Gaim is a full featured instant messaging client which handles a
variety of instant messaging protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /  Vulnerable  /                          Unaffected
    -------------------------------------------------------------------
  1  net-im/gaim       < 1.3.1                                >= 1.3.1

Description
===========

Jacopo Ottaviani discovered a vulnerability in the Yahoo! file transfer
code when being offered files with names containing non-ASCII
characters (CAN-2005-1269).

Hugo de Bokkenrijder discovered a vulnerability when receiving
malformed MSN messages (CAN-2005-1934).

Impact
======

Both vulnerabilities cause Gaim to crash, resulting in a Denial of
Service.

Workaround
==========

There are no known workarounds at this time.

Resolution
==========

All Gaim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.3.1"

References
==========

  [ 1 ] Gaim Vulnerability: Remote Yahoo! crash
        http://gaim.sourceforge.net/security/?id=18
  [ 2 ] Gaim Vulnerability: MSN Remote DoS
        http://gaim.sourceforge.net/security/?id=19
  [ 3 ] CAN-2005-1269
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1269
  [ 4 ] CAN-2005-1934
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1934

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200506-11.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0

    

- Vulnerability information (F38147)

Ubuntu Security Notice 139-1 (PacketStormID:F38147)
2005-06-21 00:00:00
Ubuntu  ubuntu.com
advisory,remote,denial of service,arbitrary
linux,ubuntu
CVE-2005-1269

Ubuntu Security Notice USN-139-1 - A remote Denial of Service vulnerability was discovered in Gaim. By initiating a file transfer with a file name containing certain international characters, a remote attacker could crash the Gaim client of an arbitrary Yahoo IM member.

===========================================================
Ubuntu Security Notice USN-139-1	      June 10, 2005
gaim vulnerability
CAN-2005-1269
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

gaim

The problem can be corrected by upgrading the affected package to
version 1:1.0.0-1ubuntu1.5 (for Ubuntu 4.10) and 1:1.1.4-1ubuntu4.2
(for Ubuntu 5.04).  In general, a standard system upgrade is
sufficient to effect the necessary changes.

Details follow:

A remote Denial of Service vulnerability was discovered in Gaim. By
initiating a file transfer with a file name containing certain
international characters (like an accented "a"), a remote attacker
could crash the Gaim client of an arbitrary Yahoo IM member.

Updated packages for Ubuntu 4.10 (Warty Warthog):


Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

    

- Vulnerability information

17236
Gaim Yahoo! Module non-ASCII Filename DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- Vulnerability description

GAIM Yahoo! module contains a flaw that may allow a remote denial of service. The issue is triggered when the Yahoo module attempts to process a non-ASCII filename during a file transfer, and will result in loss of availability for the client.

- Timeline

2005-06-10 Unknown
2005-06-10 Unknown

- Solution

Upgrade to version 1.3.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Gaim Yahoo! Protocol Support File Download Denial of Service Vulnerability
Failure to Handle Exceptional Conditions 13931
Yes No
2005-06-10 12:00:00 2006-12-22 12:04:00
Discovery of this vulnerability is credited to Jacopo Ottaviani.

- Affected software versions

SGI ProPack 3.0 SP5
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
Rob Flynn Gaim 1.2
Rob Flynn Gaim 1.1.4
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Conectiva Linux 4.1
+ Gentoo Linux
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Rob Flynn Gaim 1.1.3
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Rob Flynn Gaim 1.1.2
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Rob Flynn Gaim 1.1.1
Rob Flynn Gaim 1.0.2
+ Gentoo Linux
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current
Rob Flynn Gaim 1.0.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Rob Flynn Gaim 1.0
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Rob Flynn Gaim 0.82.1
Rob Flynn Gaim 0.82
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
Rob Flynn Gaim 0.78
Rob Flynn Gaim 0.75
Rob Flynn Gaim 0.74
Rob Flynn Gaim 0.73
Rob Flynn Gaim 0.72
Rob Flynn Gaim 0.71
+ Red Hat Fedora Core1
Rob Flynn Gaim 0.70
Rob Flynn Gaim 0.69
Rob Flynn Gaim 0.68
Rob Flynn Gaim 0.67
+ S.u.S.E. Linux Personal 9.0
Rob Flynn Gaim 0.66
Rob Flynn Gaim 0.65
Rob Flynn Gaim 0.64
Rob Flynn Gaim 0.63
Rob Flynn Gaim 0.62
Rob Flynn Gaim 0.61
Rob Flynn Gaim 0.60
Rob Flynn Gaim 0.59.1
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
Rob Flynn Gaim 0.59
+ Gentoo Linux 0.7
+ Gentoo Linux 0.5
+ HP Secure OS software for Linux 1.0
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ S.u.S.E. Linux 8.1
+ S.u.S.E. Linux Personal 8.2
+ Sun Linux 5.0
Rob Flynn Gaim 0.58
+ Debian Linux 3.0
Rob Flynn Gaim 0.57
Rob Flynn Gaim 0.56
Rob Flynn Gaim 0.55
Rob Flynn Gaim 0.54
Rob Flynn Gaim 0.53
Rob Flynn Gaim 0.52
Rob Flynn Gaim 0.51
+ MandrakeSoft Corporate Server 1.0.1
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
Rob Flynn Gaim 0.50
+ S.u.S.E. Linux 8.0
Rob Flynn Gaim 0.10.3
Rob Flynn Gaim 0.10 x
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 4
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Conectiva Linux 10.0
Rob Flynn Gaim 1.3.1

- Unaffected software versions

Rob Flynn Gaim 1.3.1

- Vulnerability discussion

Gaim is affected by a denial-of-service vulnerability during the download of a file using the Yahoo! protocol. This issue can allow remote attackers to cause an affected client to fail.

A vulnerability in the client occurs when it tries to download a file that contains non-ASCII characters in the filename.

Gaim versions prior to 1.3.1 are reportedly affected by this vulnerability; other versions may also be affected.

- Exploit

No exploit is required.

- Solution

Vendor upgrades are available. Please see the referenced advisories for more information.


Rob Flynn Gaim 0.10 x

Rob Flynn Gaim 0.10.3

Rob Flynn Gaim 0.50

Rob Flynn Gaim 0.51

Rob Flynn Gaim 0.52

Rob Flynn Gaim 0.53

Rob Flynn Gaim 0.54

Rob Flynn Gaim 0.55

Rob Flynn Gaim 0.56

Rob Flynn Gaim 0.57

Rob Flynn Gaim 0.58

Rob Flynn Gaim 0.59

Rob Flynn Gaim 0.59.1

Rob Flynn Gaim 0.60

Rob Flynn Gaim 0.61

Rob Flynn Gaim 0.62

Rob Flynn Gaim 0.63

Rob Flynn Gaim 0.64

Rob Flynn Gaim 0.65

Rob Flynn Gaim 0.66

Rob Flynn Gaim 0.67

Rob Flynn Gaim 0.68

Rob Flynn Gaim 0.69

Rob Flynn Gaim 0.70

Rob Flynn Gaim 0.71

Rob Flynn Gaim 0.72

Rob Flynn Gaim 0.73

Rob Flynn Gaim 0.74

Rob Flynn Gaim 0.75

Rob Flynn Gaim 0.78

Rob Flynn Gaim 0.82

Rob Flynn Gaim 0.82.1

Rob Flynn Gaim 1.0

Rob Flynn Gaim 1.0.1

Rob Flynn Gaim 1.0.2

Rob Flynn Gaim 1.1.1

Rob Flynn Gaim 1.1.2

Rob Flynn Gaim 1.1.3

Rob Flynn Gaim 1.1.4

Rob Flynn Gaim 1.2

Conectiva Linux 10.0

- Related references

 

 
