Linux Security

    Debian: Gaim hyperlink vulnerability

    Date 27 Aug 2002
    Posted By LinuxSecurity Advisories
    The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code.
    Debian Security Advisory DSA 158-1                     Martin Schulze
    August 27th, 2002              
    Package        : gaim
    Vulnerability  : arbitrary program execution
    Problem-Type   : remote
    Debian-specific: no
    The developers of Gaim, an instant messenger client that combines
    several different networks, found a vulnerability in the hyperlink
    handling code.  The 'Manual' browser command passes an untrusted
    string to the shell without escaping or reliable quoting, permitting
    an attacker to execute arbitrary commands on the user's machine.
    Unfortunately, Gaim doesn't display the hyperlink before the user
    clicks on it.  Users who use other inbuilt browser commands aren't
    This problem has been fixed in version 0.58-2.2 for the current
    stable distribution (woody) and in version 0.59.1-2 for the unstable
    distribution (sid).  The old stable distribution (potato) is not
    affected since it doesn't ship the Gaim program.
    The fixed version of Gaim no longer passes the user's manual browser
    command to the shell.  Commands which contain the %s in quotes will
    need to be amended, so they don't contain any quotes.  The 'Manual'
    browser command can be edited in the 'General' pane of the
    'Preferences' dialog, which can be accessed by clicking 'Options' from
    the login window, or 'Tools' and then 'Preferences' from the menu bar
    in the buddy list window.
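
An added illustration, not code from Gaim or from this advisory: a C sketch of turning a manual browser command into an argument vector that can be handed to execvp() without a shell, so the URL is never parsed as shell syntax. The names build_browser_argv and MAX_ARGS, the whitespace-only splitting rule, and the sample command and URL are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ARGS 16   /* argv slots, including the terminating NULL */
/* Shape of the flaw the advisory describes (illustrative, not Gaim's source):
 *     snprintf(cmd, sizeof cmd, manual_command, url);   URL replaces %s
 *     system(cmd);                                      /bin/sh parses the URL */

/* Hypothetical helper: split the command template on whitespace and put the
 * URL in place of "%s". The URL is never re-split or parsed, so it stays a
 * single argv element. Returns argc, or -1 on error. */
int build_browser_argv(const char *tmpl, const char *url, char **argv)
{
    int argc = 0;
    const char *p = tmpl + strspn(tmpl, " \t");

    while (*p) {
        size_t wlen = strcspn(p, " \t");
        const char *slot = strstr(p, "%s");
        if (slot && slot + 2 > p + wlen) slot = NULL;  /* %s is in a later word */
        size_t len = wlen + (slot ? strlen(url) : 0) + 1;
        char *arg = (argc < MAX_ARGS - 1) ? malloc(len) : NULL;
        if (!arg) goto fail;              /* too many words or out of memory */
        if (slot)
            snprintf(arg, len, "%.*s%s%.*s", (int)(slot - p), p, url,
                     (int)(p + wlen - slot - 2), slot + 2);
        else
            snprintf(arg, len, "%.*s", (int)wlen, p);
        argv[argc++] = arg;
        p += wlen + strspn(p + wlen, " \t");
    }
    argv[argc] = NULL;
    return argc;
fail:
    while (argc > 0) free(argv[--argc]);
    return -1;
}

/* Constructed sample: a command template and a URL with shell metacharacters. */
int main(void)
{
    char *av[MAX_ARGS];
    int n = build_browser_argv("mozilla %s",
                               "http://example.invalid/;echo injected", av);
    for (int i = 0; i < n; i++)
        printf("argv[%d] = [%s]\n", i, av[i]);
    return n < 0;   /* a client would now fork() and execvp(av[0], av) */
}
```

With this splitter, a template such as `mozilla "%s"` hands the browser a URL wrapped in literal quote characters, because no shell is present to remove them, which is consistent with the advisory's instruction to take the quotes out of such commands.
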
    We recommend that you upgrade your gaim package immediately.
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    Debian GNU/Linux 3.0 alias woody
      These files will probably be moved into the stable distribution on
      its next revision.
    For apt-get: deb stable/updates main
    For dpkg-ftp: dists/stable/updates/main
    Package info: `apt-cache show ' and
