Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code
Ultramagnetic Advisory #001: January 26th, 2004
http://ultramagnetic.sourceforge.net/advisories/001.html
Severity: 9 (High)
Document Revision: 1.0
Overview
Ultramagnetic is a concurrent fork of the Gaim instant messaging software
which adds strong end-to-end encryption and authentication using GnuPG's
libgcrypt and anonymous routing with Hacktivismo's Six/Four protocol.
Multiple buffer overflow vulnerabilities have been found in the code
forked from Gaim. Full details are available at this URL:
http://security.e-matters.de/advisories/012004.html
Note that these vulnerabilities DO NOT compromise the
integrity of the encryption or authentication.
Affected Versions
All versions prior to Ultramagnetic v0.81 are affected by CAN-2004-0006,
CAN-2004-0007, CAN-2004-0008:
v0.01 Preview Alpha 1
v0.02 Preview Alpha 2
v0.03 Preview Alpha 3
v0.10 Beta
v0.20 Beta
v0.40 Beta
v0.50 Beta
v0.55 Beta
v0.60 Beta
v0.65 Beta
v0.70 Beta
v0.80 Beta
None of the versions mentioned above are vulnerable to CAN-2004-0005.
Solution
All users are strongly encouraged to upgrade to Ultramagnetic v0.81
(or later):
Source bz2:
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81.tar.bz2?download
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81.tar.bz2.sig?download
Linux x86 RPM:
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81-1.i386.rpm?download
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81-1.i386.rpm.sig?download
References
* E-matters: 12 x Gaim remote overflows:
http://security.e-matters.de/advisories/012004.html
* CVE: CAN-2004-0006
* CVE: CAN-2004-0007
* CVE: CAN-2004-0008
- --
low halo
Defender of Truth and Liberty
http://ultramagnetic.sourceforge.net/
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AFB17F6
9AB1 FF04 016F 89A3 5B4E A585 BDBB 5FBE 3AFB 17F6
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Ultramagnetic Advisory #001: January 26th, 2004
http://ultramagnetic.sourceforge.net/advisories/001.html
Severity: 9 (High)
Document Revision: 1.0
Overview
Ultramagnetic is a concurrent fork of the Gaim instant messaging software
which adds strong end-to-end encryption and authentication using GnuPG's
libgcrypt and anonymous routing with Hacktivismo's Six/Four protocol.
Multiple buffer overflow vulnerabilities have been found in the code
forked from Gaim. Full details are available at this URL:
http://security.e-matters.de/advisories/012004.html
Note that these vulnerabilities DO NOT compromise the
integrity of the encryption or authentication.
Affected Versions
All versions prior to Ultramagnetic v0.81 are affected by CAN-2004-0006,
CAN-2004-0007, CAN-2004-0008:
v0.01 Preview Alpha 1
v0.02 Preview Alpha 2
v0.03 Preview Alpha 3
v0.10 Beta
v0.20 Beta
v0.40 Beta
v0.50 Beta
v0.55 Beta
v0.60 Beta
v0.65 Beta
v0.70 Beta
v0.80 Beta
None of the versions mentioned above are vulnerable to CAN-2004-0005.
Solution
All users are strongly encouraged to upgrade to Ultramagnetic v0.81
(or later):
Source bz2:
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81.tar.bz2?download
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81.tar.bz2.sig?download
Linux x86 RPM:
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81-1.i386.rpm?download
http://prdownloads.sourceforge.net/ultramagnetic/
ultramagnetic-0.81-1.i386.rpm.sig?download
References
* E-matters: 12 x Gaim remote overflows:
http://security.e-matters.de/advisories/012004.html
* CVE: CAN-2004-0006
* CVE: CAN-2004-0007
* CVE: CAN-2004-0008
- --
low halo
Defender of Truth and Liberty
http://ultramagnetic.sourceforge.net/
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AFB17F6
9AB1 FF04 016F 89A3 5B4E A585 BDBB 5FBE 3AFB 17F6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAFX7Mvbtfvjr7F/YRAnKoAJ43FwGrkJVPnipLlHkrSL+mh1dPUQCfSmNq
GzQkzArZc9N9TJVYspHBvKo=
=ztmn
-----END PGP SIGNATURE-----