Vulnerabilities > CVE-2004-2589 - Multiple vulnerability in Gaim

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

rob-flynn

nessus

NVD

Published: 2004-12-31

Updated: 2017-07-11

Summary

Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory.

Vulnerable Configurations

Part	Description	Count
Application	Rob_Flynn ROB Flynn Gaim 0.10 ROB Flynn Gaim 0.10.3 ROB Flynn Gaim 0.50 ROB Flynn Gaim 0.51 ROB Flynn Gaim 0.52 ROB Flynn Gaim 0.53 ROB Flynn Gaim 0.54 ROB Flynn Gaim 0.55 ROB Flynn Gaim 0.56 ROB Flynn Gaim 0.57 ROB Flynn Gaim 0.58 ROB Flynn Gaim 0.59 ROB Flynn Gaim 0.59.1 ROB Flynn Gaim 0.60 ROB Flynn Gaim 0.61 ROB Flynn Gaim 0.62 ROB Flynn Gaim 0.63 ROB Flynn Gaim 0.64 ROB Flynn Gaim 0.65 ROB Flynn Gaim 0.66 ROB Flynn Gaim 0.67 ROB Flynn Gaim 0.68 ROB Flynn Gaim 0.69 ROB Flynn Gaim 0.70 ROB Flynn Gaim 0.71 ROB Flynn Gaim 0.72 ROB Flynn Gaim 0.73 ROB Flynn Gaim 0.74 ROB Flynn Gaim 0.75 ROB Flynn Gaim 0.76 ROB Flynn Gaim 0.77 ROB Flynn Gaim 0.78 ROB Flynn Gaim 0.79 ROB Flynn Gaim 0.80 ROB Flynn Gaim 0.81 ROB Flynn Gaim 0.82	36

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-278.NASL
description	0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	14373
published	2004-08-26
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14373
title	Fedora Core 1 : gaim-0.82-0.FC1 (2004-278)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-278. # include("compat.inc"); if (description) { script_id(14373); script_version ("1.21"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-0500", "CVE-2004-0754", "CVE-2004-0784", "CVE-2004-0785", "CVE-2004-2589"); script_xref(name:"FEDORA", value:"2004-278"); script_name(english:"Fedora Core 1 : gaim-0.82-0.FC1 (2004-278)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-August/000270.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ddb24056" ); script_set_attribute( attribute:"solution", value:"Update the affected gaim and / or gaim-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:1"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^1([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 1.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC1", reference:"gaim-0.82-0.FC1")) flag++; if (rpm_check(release:"FC1", reference:"gaim-debuginfo-0.82-0.FC1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gaim / gaim-debuginfo"); }

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2004-279.NASL
description	0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	14374
published	2004-08-26
reporter	This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/14374
title	Fedora Core 2 : gaim-0.82-0.FC2 (2004-279)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2004-279. # include("compat.inc"); if (description) { script_id(14374); script_version ("1.21"); script_cvs_date("Date: 2019/08/02 13:32:23"); script_cve_id("CVE-2004-0500", "CVE-2004-0754", "CVE-2004-0784", "CVE-2004-0785", "CVE-2004-2589"); script_xref(name:"FEDORA", value:"2004-279"); script_name(english:"Fedora Core 2 : gaim-0.82-0.FC2 (2004-279)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora Core host is missing a security update." ); script_set_attribute( attribute:"description", value: "0.82 update contains many bug and security improvements. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); # https://lists.fedoraproject.org/pipermail/announce/2004-August/000271.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?41515b08" ); script_set_attribute( attribute:"solution", value:"Update the affected gaim and / or gaim-debuginfo packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gaim-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2"); script_set_attribute(attribute:"patch_publication_date", value:"2004/08/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2004/08/26"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) \|\| "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^2([^0-9]\|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC2", reference:"gaim-0.82-0.FC2")) flag++; if (rpm_check(release:"FC2", reference:"gaim-debuginfo-0.82-0.FC2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gaim / gaim-debuginfo"); }

Summary

Vulnerable Configurations

Nessus

References