漏洞信息详情
Gaim Manual浏览器命令任意命令执行漏洞
- CNNVD编号:CNNVD-200209-054
- 危害等级: 高危
- CVE编号: CVE-2002-0989
- 漏洞类型: 输入验证
- 发布时间: 2002-09-24
- 威胁类型: 远程
- 更新时间: 2005-05-02
- 厂 商: rob_flynn
- 漏洞来源: Discovery of this ...
漏洞简介
Gaim 0.59.1版本的manual浏览器选项的URL处理器存在漏洞。远程攻击者借助连接的shell元字符执行任意脚本。
漏洞公告
Gentoo Linux users who are using net-im/gaim-0.59 and earlier are advised to upgrade their systems using the following: emerge rsync emerge gaim emerge clean HP has released an advisory for HP Secure OS Software for Linux Release 1.0. Users are advised to apply the fixes provided in the attached Red Hat advisory (RHSA-2002:189-08) to address this problem with systems running HP Secure OS Software for Linux. FreeBSD has released upgrades. Users are advised to upgrade their Ports collection and reinstall the affected port. The following fixes are available: Rob Flynn Gaim 0.51
- Mandrake gaim-0.59.1-1.1mdk.i586.rpmLinux-Mandrake 7.1. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.i586.rpmLinux-Mandrake 7.2. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.i586.rpmMandrake Corporate Server 1.0.1. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.i586.rpmMandrake Linux 8.0. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.i586.rpmMandrake Linux 8.1. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.i586.rpmMandrake Linux 8.2. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.ia64.rpmMandrake Linux 8.1/ia64. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.ppc.rpmMandrake Linux 8.0/ppc. http://www.mandrakesecure.net/en/ftp.php
- Mandrake gaim-0.59.1-1.1mdk.ppc.rpmMandrake Linux 8.2/ppc. http://www.mandrakesecure.net/en/ftp.php
- Rob Flynn gaim-0.59.1.tar.gz http://prdownloads.sourceforge.net/gaim/gaim-0.59.1.tar.gz
- Rob Flynn gaim-0.59.1.tar.gz http://prdownloads.sourceforge.net/gaim/gaim-0.59.1.tar.gz
- Debian gaim-common_0.58-2.2_alpha.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_alpha.deb
- Debian gaim-common_0.58-2.2_arm.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_arm.deb
- Debian gaim-common_0.58-2.2_hppa.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_hppa.deb
- Debian gaim-common_0.58-2.2_i386.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_i386.deb
- Debian gaim-common_0.58-2.2_ia64.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_ia64.deb
- Debian gaim-common_0.58-2.2_m68k.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_m68k.deb
- Debian gaim-common_0.58-2.2_mips.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_mips.deb
- Debian gaim-common_0.58-2.2_mipsel.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_mipsel.deb
- Debian gaim-common_0.58-2.2_powerpc.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_powerpc.deb
- Debian gaim-common_0.58-2.2_s390.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_s390.deb
- Debian gaim-common_0.58-2.2_sparc.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2 .2_sparc.deb
- Debian gaim-gnome_0.58-2.2_alpha.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_alpha.deb
- Debian gaim-gnome_0.58-2.2_arm.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_arm.deb
- Debian gaim-gnome_0.58-2.2_hppa.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_hppa.deb
- Debian gaim-gnome_0.58-2.2_i386.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_i386.deb
- Debian gaim-gnome_0.58-2.2_ia64.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_ia64.deb
- Debian gaim-gnome_0.58-2.2_m68k.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_m68k.deb
- Debian gaim-gnome_0.58-2.2_mips.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_mips.deb
- Debian gaim-gnome_0.58-2.2_mipsel.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_mipsel.deb
- Debian gaim-gnome_0.58-2.2_powerpc.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_powerpc.deb
- Debian gaim-gnome_0.58-2.2_s390.deb http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2. 2_s390.deb
-
Debian gaim-gnome_0.58-2.2_sparc.deb
http://security
参考网址
来源: DEBIAN 名称: DSA-158 链接:http://www.debian.org/security/2002/dsa-158 来源: bugzilla.redhat.com 链接:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728 来源: gaim.sourceforge.net 链接:http://gaim.sourceforge.net/ChangeLog 来源: BID 名称: 5574 链接:http://www.securityfocus.com/bid/5574 来源: REDHAT 名称: RHSA-2003:156 链接:http://www.redhat.com/support/errata/RHSA-2003-156.HTML 来源: REDHAT 名称: RHSA-2002:191 链接:http://www.redhat.com/support/errata/RHSA-2002-191.HTML 来源: REDHAT 名称: RHSA-2002:190 链接:http://www.redhat.com/support/errata/RHSA-2002-190.HTML 来源: REDHAT 名称: RHSA-2002:189 链接:http://www.redhat.com/support/errata/RHSA-2002-189.HTML 来源: OSVDB 名称: 5033 链接:http://www.osvdb.org/5033 来源: XF 名称: gaim-url-handler-command-execution(9978) 链接:http://www.iss.net/security_center/static/9978.php 来源: HP 名称: HPSBTL0209-067 链接:http://online.securityfocus.com/advisories/4471 来源: BUGTRAQ 名称: 20020827 GLSA: gaim 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103046442403404&w=2 来源: MANDRAKE 名称: MDKSA-2002:054 链接:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054 来源: CONECTIVA 名称: CLA-2002:521 链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521 来源: FREEBSD 名称: FreeBSD-SN-02:06 链接:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc
受影响实体
- Rob_flynn Gaim:0.59
- Rob_flynn Gaim:0.58
- Rob_flynn Gaim:0.56
- Rob_flynn Gaim:0.54
- Rob_flynn Gaim:0.55
补丁
暂无
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论