PROBLEM: | It was discovered that Gaim, an multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code. |
PLATFORM: | Debian GNU/Linux 4.0 (etch) |
DAMAGE: | Execute arbitrary code. |
SOLUTION: | Upgrade to the appropriate version. |
VULNERABILITY ASSESSMENT: |
The risk is MEDIUM. These could allow a remote attacker to execute arbitrary code. |
CVSS 2 BASE SCORE: TEMPORAL SCORE: VECTOR: |
7.5 6.2 (AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C) |
LINKS: | |
CIAC BULLETIN: | http://www.ciac.org/ciac/bulletins/s-366.shtml |
ORIGINAL BULLETIN: | http://www.debian.org/security/2008/dsa-1610 |
CVE: | CVE-2008-2927 |
[***** Start Debian Security Advisory DSA-1610-1 *****]
It was discovered that gaim, an multi-protocol instant messaging client, was vulnerable to several integer overflows in its MSN protocol handlers. These could allow a remote attacker to execute arbitrary code.
For the stable distribution (etch), this problem has been fixed in version 1:2.0.0+beta5-10etch1.
For the unstable distribution (sid), this package is not present.
We recommend that you upgrade your gaim package.
MD5 checksums of the listed files are available in the original advisory.
[***** End Debian Security Advisory DSA-1610-1 *****]
Voice: +1 925-422-8193 (7 x 24) FAX: +1 925-423-8002 STU-III: +1 925-423-2604 E-mail: ciac@ciac.org World Wide Web: http://www.ciac.org/ Anonymous FTP: ftp.ciac.org