CVE-2005-2103
CVSS7.5
发布时间 :2005-08-16 00:00:00
修订时间 :2010-08-21 00:30:11
NMCOPS    

[原文]Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.


[CNNVD]Gaim 缓冲区溢出漏洞(CNNVD-200508-120)

        Gaim是一款Linux系统下的即时通讯软件,是一个同时支持多种协议的即时聊天工具,所支持的协议包括AIM、ICQ、MSN、IRC和Jabber。
        Gaim处理away消息的方式存在缓冲区溢出漏洞。远程攻击者可以向登陆到AIM或ICQ的Gaim用户发送特制的away消息,导致执行任意代码。
        Gaim中还存在拒绝服务漏洞。远程攻击者可以向登陆到AIM或ICQ的用户上传有特制文件名的文件,导致Gaim崩溃。

- CVSS (基础分值)

CVSS分值: 7.5 [严重(HIGH)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:rob_flynn:gaim:0.63
cpe:/a:rob_flynn:gaim:1.2.1
cpe:/a:rob_flynn:gaim:0.56
cpe:/a:rob_flynn:gaim:0.54
cpe:/a:rob_flynn:gaim:0.60
cpe:/a:rob_flynn:gaim:0.79
cpe:/a:rob_flynn:gaim:0.10
cpe:/a:rob_flynn:gaim:1.0
cpe:/a:rob_flynn:gaim:0.71
cpe:/a:rob_flynn:gaim:1.2.0
cpe:/a:rob_flynn:gaim:1.1.4
cpe:/a:rob_flynn:gaim:0.81
cpe:/a:rob_flynn:gaim:0.73
cpe:/a:rob_flynn:gaim:0.77
cpe:/a:rob_flynn:gaim:0.72
cpe:/a:rob_flynn:gaim:0.50
cpe:/a:rob_flynn:gaim:0.59.1
cpe:/a:rob_flynn:gaim:0.70
cpe:/a:rob_flynn:gaim:0.80
cpe:/a:rob_flynn:gaim:0.59
cpe:/a:rob_flynn:gaim:0.82.1
cpe:/a:rob_flynn:gaim:1.3.1
cpe:/a:rob_flynn:gaim:1.0.3
cpe:/a:rob_flynn:gaim:0.51
cpe:/a:rob_flynn:gaim:0.65
cpe:/a:rob_flynn:gaim:1.3.0
cpe:/a:rob_flynn:gaim:0.69
cpe:/a:rob_flynn:gaim:0.10.3
cpe:/a:rob_flynn:gaim:1.1.0
cpe:/a:rob_flynn:gaim:0.74
cpe:/a:rob_flynn:gaim:1.0.0
cpe:/a:rob_flynn:gaim:0.58
cpe:/a:rob_flynn:gaim:1.1.2
cpe:/a:rob_flynn:gaim:0.62
cpe:/a:rob_flynn:gaim:0.82
cpe:/a:rob_flynn:gaim:1.0.2
cpe:/a:rob_flynn:gaim:0.78
cpe:/a:rob_flynn:gaim:0.55
cpe:/a:rob_flynn:gaim:0.57
cpe:/a:rob_flynn:gaim:0.75
cpe:/a:rob_flynn:gaim:1.0.1
cpe:/a:rob_flynn:gaim:1.4.0
cpe:/a:rob_flynn:gaim:0.53
cpe:/a:rob_flynn:gaim:0.61
cpe:/a:rob_flynn:gaim:0.67
cpe:/a:rob_flynn:gaim:0.64
cpe:/a:rob_flynn:gaim:0.76
cpe:/a:rob_flynn:gaim:1.1.3
cpe:/a:rob_flynn:gaim:1.1.1
cpe:/a:rob_flynn:gaim:0.68
cpe:/a:rob_flynn:gaim:0.66
cpe:/a:rob_flynn:gaim:0.52

- OVAL (用于检测的技术细节)

oval:org.mitre.oval:def:11477Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and ...
*OVAL详细的描述了检测该漏洞的方法,你可以从相关的OVAL定义中找到更多检测该漏洞的技术细节。

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2103
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2103
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-120
(官方数据源) CNNVD

- 其它链接及资源

http://www.ubuntulinux.org/support/documentation/usn/usn-168-1
(VENDOR_ADVISORY)  UBUNTU  USN-168-1
http://gaim.sourceforge.net/security/?id=22
(UNKNOWN)  CONFIRM  http://gaim.sourceforge.net/security/?id=22
http://www.securityfocus.com/bid/14531
(UNKNOWN)  BID  14531
http://www.securityfocus.com/archive/1/archive/1/426078/100/0/threaded
(UNKNOWN)  FEDORA  FLSA:158543
http://www.redhat.com/support/errata/RHSA-2005-627.html
(UNKNOWN)  REDHAT  RHSA-2005:627
http://www.redhat.com/support/errata/RHSA-2005-589.html
(UNKNOWN)  REDHAT  RHSA-2005:589
http://www.novell.com/linux/security/advisories/2005_19_sr.html
(UNKNOWN)  SUSE  SUSE-SR:2005:019

- 漏洞信息

Gaim 缓冲区溢出漏洞
高危 缓冲区溢出
2005-08-16 00:00:00 2005-10-20 00:00:00
远程  
        Gaim是一款Linux系统下的即时通讯软件,是一个同时支持多种协议的即时聊天工具,所支持的协议包括AIM、ICQ、MSN、IRC和Jabber。
        Gaim处理away消息的方式存在缓冲区溢出漏洞。远程攻击者可以向登陆到AIM或ICQ的Gaim用户发送特制的away消息,导致执行任意代码。
        Gaim中还存在拒绝服务漏洞。远程攻击者可以向登陆到AIM或ICQ的用户上传有特制文件名的文件,导致Gaim崩溃。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
        Sun Solaris 10.0
        Sun 120739-04
        SPARC Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120739-04-1
        Turbolinux Turbolinux 10 F...
        Turbolinux cups-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-1.1.19-26.i586.rpm
        Turbolinux cups-devel-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-devel-1.1.19-26.i586.rpm
        Turbolinux cups-libs-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-libs-1.1.19-26.i586.rpm
        Turbolinux Home
        Turbolinux cups-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-1.1.19-26.i586.rpm
        Turbolinux cups-devel-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-devel-1.1.19-26.i586.rpm
        Turbolinux cups-libs-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-libs-1.1.19-26.i586.rpm
        Sun Solaris 10.0_x86
        Sun 120740-04
        x86 Platform
        http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21 -120740-04-1
        TurboLinux Personal
        Turbolinux cups-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-1.1.19-26.i586.rpm
        Turbolinux cups-devel-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-devel-1.1.19-26.i586.rpm
        Turbolinux cups-libs-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-libs-1.1.19-26.i586.rpm
        TurboLinux Multimedia
        Turbolinux cups-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-1.1.19-26.i586.rpm
        Turbolinux cups-devel-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-devel-1.1.19-26.i586.rpm
        Turbolinux cups-libs-1.1.19-26.i586.rpm
        Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/Desktop/10/u pdates/RPMS/cups-libs-1.1.19-26.i586.rpm
        Turbolinux Appliance Server Workgroup Edition 1.0
        Turbolinux cups-1.1.19-26.i586.rpm
        Turbolinux Appliance Server and Workgroup 1.0 Hosting Edition
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
        Turbolinux cups-devel-1.1.19-26.i586.rpm
        Turbolinux 8 Workstation
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
        Turbolinux cups-libs-1.1.19-26.i586.rpm
        Turbolinux 8 Workstation
        ftp://ftp.turbolinux.co.jp/pub/TurboLinux/TurboLinux/ia32/
        Turbolinux Appliance Server Hosting Edition 1.0
        Turbolinux cups-1.1.19-26.i586.rpm
        Turbolinux Appliance Server and Workgroup 1.0 Hosting Edition
        ftp://

- 漏洞信息 (F39421)

Gentoo Linux Security Advisory 200508-6 (PacketStormID:F39421)
2005-08-17 00:00:00
Gentoo  security.gentoo.org
advisory,overflow
linux,gentoo
CVE-2005-2102,CVE-2005-2103
[点击下载]

Gentoo Linux Security Advisory GLSA 200508-06 - Brandon Perry discovered that Gaim is vulnerable to a heap-based buffer overflow when handling away messages (CVE-2005-2103). Furthermore, Daniel Atallah discovered a vulnerability in the handling of file transfers (CVE-2005-2102). Versions less than 1.5.0 are affected.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 200508-06
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: High
     Title: Gaim: Remote execution of arbitrary code
      Date: August 15, 2005
      Bugs: #102000
        ID: 200508-06

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Gaim is vulnerable to a buffer overflow which could lead to the
execution of arbitrary code or to a Denial of Service.

Background
==========

Gaim is a full featured instant messaging client which handles a
variety of instant messaging protocols.

Affected packages
=================

    -------------------------------------------------------------------
     Package      /  Vulnerable  /                          Unaffected
    -------------------------------------------------------------------
  1  net-im/gaim       < 1.5.0                                >= 1.5.0

Description
===========

Brandon Perry discovered that Gaim is vulnerable to a heap-based buffer
overflow when handling away messages (CAN-2005-2103). Furthermore,
Daniel Atallah discovered a vulnerability in the handling of file
transfers (CAN-2005-2102).

Impact
======

A remote attacker could create a specially crafted away message which,
when viewed by the target user, could lead to the execution of
arbitrary code. Also, an attacker could send a file with a non-UTF8
filename to a user, which would result in a Denial of Service.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Gaim users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-im/gaim-1.5.0"

References
==========

  [ 1 ] CAN-2005-2102
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2102
  [ 2 ] CAN-2005-2103
        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2103

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

  http://security.gentoo.org/glsa/glsa-200508-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2005 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.0
    

- 漏洞信息

18669
Gaim Away Message Processing Remote Overflow
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- 漏洞描述

A remote overflow exists in gaim. The program fails to validate away messages resulting in a buffer overflow. With a specially crafted away message, an attacker can cause arbitrary code execution resulting in a loss of integrity.

- 时间线

2005-08-10 Unknow
Unknow Unknow

- 解决方案

Upgrade to version 1.5.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

- 漏洞信息

Gaim AIM/ICQ Protocols Multiple Vulnerabilities
Unknown 14531
Yes No
2005-08-10 12:00:00 2006-12-22 12:04:00
Discovery of the buffer overflow issue has been credited to Brandon Perry. The denial of service issue was discovered by Daniel Atallah.

- 受影响的程序版本

Ubuntu Ubuntu Linux 5.0 4 powerpc
Ubuntu Ubuntu Linux 5.0 4 i386
Ubuntu Ubuntu Linux 5.0 4 amd64
Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 7
+ Linux kernel 2.4.19
Slackware Linux 10.1
Slackware Linux 10.0
Slackware Linux 9.1
Slackware Linux 9.0
Slackware Linux -current
SGI ProPack 3.0 SP6
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Linux Professional 9.3 x86_64
S.u.S.E. Linux Professional 9.3
S.u.S.E. Linux Professional 9.2 x86_64
S.u.S.E. Linux Professional 9.2
S.u.S.E. Linux Professional 9.1 x86_64
S.u.S.E. Linux Professional 9.1
S.u.S.E. Linux Professional 9.0 x86_64
S.u.S.E. Linux Professional 9.0
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 8.2
S.u.S.E. Linux Professional 7.3
S.u.S.E. Linux Personal 9.3 x86_64
S.u.S.E. Linux Personal 9.3
S.u.S.E. Linux Personal 9.2 x86_64
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1 x86_64
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Desktop 1.0
Rob Flynn Gaim 1.3.1
Rob Flynn Gaim 1.3 .0
Rob Flynn Gaim 1.2.1
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Gentoo Linux
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 3
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 3
Rob Flynn Gaim 1.2
Rob Flynn Gaim 1.1.4
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Conectiva Linux 4.1
+ Gentoo Linux
+ MandrakeSoft Corporate Server 3.0 x86_64
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
Rob Flynn Gaim 1.1.3
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Rob Flynn Gaim 1.1.2
+ Red Hat Fedora Core3
+ Red Hat Fedora Core2
Rob Flynn Gaim 1.1.1
Rob Flynn Gaim 1.0.2
+ Gentoo Linux
+ Slackware Linux 10.0
+ Slackware Linux 9.1
+ Slackware Linux 9.0
+ Slackware Linux -current
Rob Flynn Gaim 1.0.1
+ Red Hat Enterprise Linux AS 3
+ RedHat Desktop 3.0
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 3
Rob Flynn Gaim 1.0
+ Conectiva Linux 10.0
+ Conectiva Linux 9.0
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
RedHat Enterprise Linux WS 2.1 IA64
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1 IA64
RedHat Enterprise Linux ES 2.1
RedHat Desktop 4.0
RedHat Advanced Workstation for the Itanium Processor 2.1 IA64
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Fedora Core4
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Red Hat Enterprise Linux AS 2.1 IA64
Red Hat Enterprise Linux AS 2.1
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Gentoo Linux
Conectiva Linux 10.0

- 漏洞讨论

Gaim is prone to multiple vulnerabilities affecting the AIM and ICQ protocols. These issues may allow remote attackers to trigger a buffer overflow or a denial-of-service condition.

All versions of Gaim 1.x are considered vulnerable at the moment.

- 漏洞利用

The following proof of concept example is available for the buffer overflow issue:

%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n
%n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n %n

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 解决方案

Vendor upgrades are available. Please see the referenced advisories for more information.


Slackware Linux -current

Rob Flynn Gaim 1.0

Rob Flynn Gaim 1.0.1

Rob Flynn Gaim 1.1.4

Rob Flynn Gaim 1.3 .0

Conectiva Linux 10.0

SGI ProPack 3.0 SP6

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站