GLSA Advocate
Joined: 12 May 2004 Posts: 2663
Posted: Wed Jul 27, 2005 7:19 am Post subject: [ GLSA 200507-26 ] GNU Gadu, CenterICQ, Kadu, EKG, libgadu:
Gentoo Linux Security Advisory
Title: GNU Gadu, CenterICQ, Kadu, EKG, libgadu: Remote code execution in Gadu library (GLSA 200507-26)
Severity: high
Exploitable: remote
Date: July 27, 2005
Updated: February 26, 2007
Bug(s): #99816, #99890, #99583
ID: 200507-26
Synopsis
GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow which could potentially lead to the execution of arbitrary code or a Denial of Service.
Background
GNU Gadu, CenterICQ, Kadu and EKG are instant messaging applications created to support the Gadu-Gadu instant messaging protocol. libgadu is a library that implements the client side of the Gadu-Gadu protocol.
Affected Packages
Package: net-im/gnugadu
Vulnerable: < 2.2.6-r1
Unaffected: >= 2.2.6-r1
Architectures: All supported architectures
Package: net-im/centericq
Vulnerable: < 4.20.0-r3
Unaffected: >= 4.20.0-r3
Architectures: All supported architectures
Package: net-im/kadu
Vulnerable: < 0.4.1
Unaffected: >= 0.4.1
Architectures: All supported architectures
Package: net-im/ekg
Vulnerable: < 1.6_rc3
Unaffected: >= 1.6_rc3
Architectures: All supported architectures
Package: net-libs/libgadu
Vulnerable: < 1.7.0_pre20050719
Unaffected: >= 1.7.0_pre20050719
Architectures: All supported architectures
Description
GNU Gadu, CenterICQ, Kadu, EKG and libgadu are vulnerable to an integer overflow.
Impact
A remote attacker could exploit the integer overflow to execute arbitrary code or cause a Denial of Service.
Workaround
There is no known workaround at this time.
Resolution
All GNU Gadu users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/gnugadu-2.2.6-r1"
All Kadu users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/kadu-0.4.1"
All EKG users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/ekg-1.6_rc3"
All libgadu users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/libgadu-20050719"
All CenterICQ users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-im/centericq-4.20.0-r3"
CenterICQ is no longer distributed with Gadu Gadu support; affected users are encouraged to migrate to an alternative package.
References
CAN-2005-1852
BugTraq Announcement
Last edited by GLSA on Wed Jan 02, 2008 4:17 am; edited 4 times in total