Bugtraq mailing list archives
Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
From: <lowhalo () hush com>
Date: Mon, 26 Jan 2004 17:16:14 -0800
Ultramagnetic Advisory #001: January 26th, 2004
http://ultramagnetic.sourceforge.net/advisories/001.html

Severity: 9 (High)
Document Revision: 1.0

Overview

Ultramagnetic is a concurrent fork of the Gaim instant messaging software which adds strong end-to-end encryption and authentication using GnuPG's libgcrypt and anonymous routing with Hacktivismo's Six/Four protocol.

Multiple buffer overflow vulnerabilities have been found in the code forked from Gaim. Full details are available at this URL:

http://security.e-matters.de/advisories/012004.html

Note that these vulnerabilities DO NOT compromise the integrity of the encryption or authentication.

Affected Versions

All versions prior to Ultramagnetic v0.81 are affected by CAN-2004-0006, CAN-2004-0007, CAN-2004-0008:

v0.01 Preview Alpha 1
v0.02 Preview Alpha 2
v0.03 Preview Alpha 3
v0.10 Beta
v0.20 Beta
v0.40 Beta
v0.50 Beta
v0.55 Beta
v0.60 Beta
v0.65 Beta
v0.70 Beta
v0.80 Beta

None of the versions mentioned above are vulnerable to CAN-2004-0005.

Solution

All users are strongly encouraged to upgrade to Ultramagnetic v0.81 (or later):

Source bz2:
http://prdownloads.sourceforge.net/ultramagnetic/ultramagnetic-0.81.tar.bz2?download
http://prdownloads.sourceforge.net/ultramagnetic/ultramagnetic-0.81.tar.bz2.sig?download

Linux x86 RPM:
http://prdownloads.sourceforge.net/ultramagnetic/ultramagnetic-0.81-1.i386.rpm?download
http://prdownloads.sourceforge.net/ultramagnetic/ultramagnetic-0.81-1.i386.rpm.sig?download

References

* E-matters: 12 x Gaim remote overflows: http://security.e-matters.de/advisories/012004.html
* CVE: CAN-2004-0006
* CVE: CAN-2004-0007
* CVE: CAN-2004-0008

--
low halo
Defender of Truth and Liberty
http://ultramagnetic.sourceforge.net/
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AFB17F6
9AB1 FF04 016F 89A3 5B4E A585 BDBB 5FBE 3AFB 17F6
Attachment:
001.txt.asc