RHEL 2.1 : gaim (RHSA-2002:122)

high Nessus Plugin ID 12633

Synopsis

The remote Red Hat host is missing a security update.

Description

Updated gaim packages are now available for Red Hat Linux Advanced Server. These updates fix a buffer overflow in the Jabber plug-in module.

Gaim is an instant messaging client based on the published TOC protocol from AOL. Versions of gaim prior to 0.58 contain a buffer overflow in the Jabber plug-in module.

Users of gaim should update to these errata packages containing gaim 0.59, which is not vulnerable to this issue.

Please note that gaim version 0.57 had an additional security problem which has been fixed in version 0.58 (CVE-2002-0377); however, Red Hat Linux Advanced Server did not ship with version 0.57 and was not vulnerable to this issue.

[update 14 Aug 2002] Previous packages pushed were not signed; this update replaces the packages with signed versions.

Solution

Update the affected gaim package.

See Also

https://access.redhat.com/security/cve/cve-2002-0384

http://www.pidgin.im/ChangeLog

https://access.redhat.com/errata/RHSA-2002:122

Plugin Details

Severity: High

ID: 12633

File Name: redhat-RHSA-2002-122.nasl

Version: 1.27

Type: local

Agent: unix

Published: 7/6/2004

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:gaim, cpe:/o:redhat:enterprise_linux:2.1

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 8/20/2002

Vulnerability Publication Date: 10/4/2002

Reference Information

CVE: CVE-2002-0384

RHSA: 2002:122