001.txt.asc

001.txt.asc: Posted Jan 29, 2004; Site ultramagnetic.sourceforge.net; Ultramagnetic, a utility based off of a fork of the GAIM IM software, is susceptible to the vulnerabilities found in GAIM versions 0.75 and below.; tags | advisory, vulnerability; advisories | CVE-2004-0005, CVE-2004-0006, CVE-2004-0007, CVE-2004-0008; SHA-256 | abf6c26a90679efd79e65b29519d28f7e599cb1e44ffde9b83afbc17c20ea2ae; Download | Favorite | View

001.txt.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Ultramagnetic Advisory #001: January 26th, 2004
http://ultramagnetic.sourceforge.net/advisories/001.html
Severity: 9 (High)
Document Revision: 1.0


Overview

Ultramagnetic is a concurrent fork of the Gaim instant messaging software
which adds strong end-to-end encryption and authentication using GnuPG's
libgcrypt and anonymous routing with Hacktivismo's Six/Four protocol.

Multiple buffer overflow vulnerabilities have been found in the code
forked from Gaim.  Full details are available at this URL:
http://security.e-matters.de/advisories/012004.html

Note that these vulnerabilities DO NOT compromise the
integrity of the encryption or authentication.



Affected Versions

All versions prior to Ultramagnetic v0.81 are affected by CAN-2004-0006,
CAN-2004-0007, CAN-2004-0008:

v0.01 Preview Alpha 1
v0.02 Preview Alpha 2
v0.03 Preview Alpha 3
v0.10 Beta
v0.20 Beta
v0.40 Beta
v0.50 Beta
v0.55 Beta
v0.60 Beta
v0.65 Beta
v0.70 Beta
v0.80 Beta

None of the versions mentioned above are vulnerable to CAN-2004-0005.



Solution

All users are strongly encouraged to upgrade to Ultramagnetic v0.81
(or later):

Source bz2:
    http://prdownloads.sourceforge.net/ultramagnetic/
        ultramagnetic-0.81.tar.bz2?download
    http://prdownloads.sourceforge.net/ultramagnetic/
        ultramagnetic-0.81.tar.bz2.sig?download

Linux x86 RPM:
    http://prdownloads.sourceforge.net/ultramagnetic/
        ultramagnetic-0.81-1.i386.rpm?download
    http://prdownloads.sourceforge.net/ultramagnetic/
        ultramagnetic-0.81-1.i386.rpm.sig?download


References

    * E-matters: 12 x Gaim remote overflows:
          http://security.e-matters.de/advisories/012004.html
    * CVE: CAN-2004-0006
    * CVE: CAN-2004-0007
    * CVE: CAN-2004-0008



- --
low halo 
Defender of Truth and Liberty
http://ultramagnetic.sourceforge.net/
 
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AFB17F6
9AB1 FF04 016F 89A3 5B4E  A585 BDBB 5FBE 3AFB 17F6

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAFX7Mvbtfvjr7F/YRAnKoAJ43FwGrkJVPnipLlHkrSL+mh1dPUQCfSmNq
GzQkzArZc9N9TJVYspHBvKo=
=ztmn
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

001.txt.asc

001.txt.asc

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

001.txt.asc

Share This

001.txt.asc

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems