
[linux-security] remotely exploitable bug in gaim



Topic
=====
bug in gaim's URL handler remotely exploitable

Problem Description
===================
Gaim is an all-in-one instant messaging client that lets you use a number of
messaging protocols such as AIM, ICQ, and Yahoo, all at once.
  
Versions of gaim prior to 0.59.1 contain a bug in the URL handler of
the manual browser option.  A link can be carefully crafted to contain
an arbitrary shell script which will be executed if the user clicks on
the link.
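
The advisory does not show the affected code. The following C example is added here for illustration and is not gaim's code: it assumes the manual browser setting is a command template containing a "%s" placeholder for the URL, and shows a way to launch that command without a shell so that metacharacters in a clicked link stay inside one argument. The function names, MAX_ARGS, the scheme allow-list and the sample template are assumptions.

```c
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

#define MAX_ARGS 16

/* Unsafe pattern (assumed, for contrast): snprintf(cmd, n, tmpl, url);
 * system(cmd);  -> /bin/sh re-parses the URL, so ; | ` $() ' act as shell syntax. */

/* Allow only expected schemes; this also rejects "URLs" that start with '-'. */
static int url_scheme_ok(const char *url)
{
    return strncmp(url, "http://", 7) == 0 || strncmp(url, "https://", 8) == 0
        || strncmp(url, "ftp://", 6) == 0;
}

/* Split the template on spaces (in place) and put the URL where the "%s"
 * token is, as ONE argv element. Returns argc, or -1 on a bad URL/template. */
int build_browser_argv(char *tmpl_buf, const char *url, char *argv[MAX_ARGS + 1])
{
    int argc = 0, substituted = 0;
    if (!url_scheme_ok(url))
        return -1;
    for (char *tok = strtok(tmpl_buf, " "); tok; tok = strtok(NULL, " ")) {
        int is_slot = strcmp(tok, "%s") == 0;
        if (argc == MAX_ARGS)
            return -1;
        argv[argc++] = is_slot ? (char *)url : tok;
        substituted |= is_slot;
    }
    argv[argc] = NULL;
    return substituted ? argc : -1;
}

/* Run the browser with fork + execvp: no shell ever sees the URL. */
int launch_browser(char *tmpl_buf, const char *url)
{
    char *argv[MAX_ARGS + 1];
    int status;
    pid_t pid;
    if (build_browser_argv(tmpl_buf, url, argv) < 1 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], argv);
        _exit(127);   /* exec failed */
    }
    return waitpid(pid, &status, 0) < 0 ? -1 : status;
}
```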

Affected Systems
================
gaim versions 0.59 and earlier

Solution
========
Upgrade to version 0.59.1.

RedHat 7.1
----------
rpm -Fvh gaim-0.59.1-0.7.1.i386.rpm

RedHat 7.2
----------
rpm -Fvh gaim-0.59.1-0.7.2.i386.rpm

RedHat 7.3
----------
rpm -Fvh gaim-0.59.1-0.7.3.i386.rpm

Mandrake 8.1
------------
rpm -Fvh gaim-0.59.1-1.1mdk.i586.rpm