Rapid7 Vulnerability & Exploit Database

RHSA-2002:190: Updated gaim client fixes URL vulnerability

Back to Search

RHSA-2002:190: Updated gaim client fixes URL vulnerability

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
09/24/2002
Created
07/25/2018
Added
03/24/2010
Modified
07/04/2017

Description

Updated gaim packages are now available for Red Hat Powertools 7. These updates fix a vulnerability in the URL handler.

Gaim is an all-in-one instant messaging client that lets you use a number of messaging protocols such as AIM, ICQ, and Yahoo, all at once. Versions of gaim prior to 0.59.1 contain a bug in the URL handler of the manual browser option. A link can be carefully crafted to contain an arbitrary shell script which will be executed if the user clicks on the link. Users of gaim should update to these errata packages containing gaim 0.59.1 which is not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-gaim

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;