Debian: Gaim hyperlink vulnerability
Posted by LinuxSecurity.com Team   
Debian The developers of Gaim, an instant messenger client that combines several different networks, found a vulnerability in the hyperlink handling code.

--------------------------------------------------------------------------
Debian Security Advisory DSA 158-1                     security@debian.org 
http://www.debian.org/security/                             Martin Schulze
August 27th, 2002                        http://www.debian.org/security/faq
--------------------------------------------------------------------------

Package        : gaim
Vulnerability  : arbitrary program execution
Problem-Type   : remote
Debian-specific: no

The developers of Gaim, an instant messenger client that combines
several different networks, found a vulnerability in the hyperlink
handling code.  The 'Manual' browser command passes an untrusted
string to the shell without escaping or reliable quoting, permitting
an attacker to execute arbitrary commands on the users machine.
Unfortunately, Gaim doesn't display the hyperlink before the user
clicks on it.  Users who use other inbuilt browser commands aren't
vulnerable.

This problem has been fixed in version 0.58-2.2 for the current
stable distribution (woody) and in version 0.59.1-2 for the unstable
distribution (sid).  The old stable distribution (potato) is not
affected since it doesn't ship the Gaim program.

The fixed version of Gaim no longer passes the user's manual browser
command to the shell.  Commands which contain the %s in quotes will
need to be amended, so they don't contain any quotes.  The 'Manual'
browser command can be edited in the 'General' pane of the
'Preferences' dialog, which can be accessed by clicking 'Options' from
the login window, or 'Tools' and then 'Preferences' from the menu bar
in the buddy list window.

We recommend that you upgrade your gaim package immediately.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
--------------------------------

  Source archives:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2.dsc
      Size/MD5 checksum:      681 388e7ad7ea82f72e80f5e7b950b74d9f
     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2.diff.gz
      Size/MD5 checksum:    21077 f40a10f65ec69c219209f3833a601451
     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58.orig.tar.gz
      Size/MD5 checksum:  1928057 644df289daeca5f9dd3983d65c8b2407

  Alpha architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_alpha.deb
      Size/MD5 checksum:   479720 4d8e4ea7f37653cc63bd9c6f3f5b2698
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_alpha.deb
      Size/MD5 checksum:   674568 60234f1a1896d77e924e9ebb99eee12b
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_alpha.deb
      Size/MD5 checksum:   501208 932052409cdc11ea89330709a41f32e4

  ARM architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_arm.deb
      Size/MD5 checksum:   401834 6a25ab2f49f104a8cb60dfb266687b4e
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_arm.deb
      Size/MD5 checksum:   614864 251f521cfe92b00282f3d633e2ecdc06
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_arm.deb
      Size/MD5 checksum:   422330 420edd09bad2f4587b843f18e7c56a0c

  Intel IA-32 architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_i386.deb
      Size/MD5 checksum:   389256 bb1688d11f1e444e7116e3ce48d4b299
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_i386.deb
      Size/MD5 checksum:   606056 ff6443a2cc3be13f8d97f8c56f93bf05
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_i386.deb
      Size/MD5 checksum:   409108 028dc6cfa04b921f94500853d65f1069

  Intel IA-64 architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_ia64.deb
      Size/MD5 checksum:   557146 d99d9f408b423e4ecb572d6c529ec271
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_ia64.deb
      Size/MD5 checksum:   765084 20cf4447c02e5691f90f7c19088dc556
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_ia64.deb
      Size/MD5 checksum:   569896 829bba8b920ff5355cbc72dc918bc6a4

  HP Precision architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_hppa.deb
      Size/MD5 checksum:   459416 42f17cb42279fd9148a44be663244298
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_hppa.deb
      Size/MD5 checksum:   690992 b6e1d262705760055eb6fd3c2a8b393e
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_hppa.deb
      Size/MD5 checksum:   481388 5c142618e62f2d67d2bc827722668ff5

  Motorola 680x0 architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_m68k.deb
      Size/MD5 checksum:   370536 5d39e480ed1d679defe431f572057f84
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_m68k.deb
      Size/MD5 checksum:   622442 50592bfee0dae035546809ffbf1cb4c6
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_m68k.deb
      Size/MD5 checksum:   392112 03fd2c0fbb9609f8d3a32f72f9e0cb4c

  Big endian MIPS architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_mips.deb
      Size/MD5 checksum:   406360 7b6285a0ff3524dd0880b1a527ed34f7
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_mips.deb
      Size/MD5 checksum:   614736 a5f56778d9f5dc6a8a994cd00dec3e11
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_mips.deb
      Size/MD5 checksum:   427188 8eae2b955d9f1d52eb98040b6a34500c

  Little endian MIPS architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_mipsel.deb
      Size/MD5 checksum:   396998 1c0c22d86c37c1d45be00ae5109398cb
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_mipsel.deb
      Size/MD5 checksum:   607172 656a46f56cf74c5a3344867d6035ac32
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_mipsel.deb
      Size/MD5 checksum:   416714 f0cc84cc3ebc22a57676fc772c2d0ac6

  PowerPC architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_powerpc.deb
      Size/MD5 checksum:   413474 b550a080853403e43b22b87e93cf5d49
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_powerpc.deb
      Size/MD5 checksum:   642704 6cc33cd7c71f9d9aa876fdc8ec9d398a
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_powerpc.deb
      Size/MD5 checksum:   434308 cb41515071ff367d0ef4fc0f5584922e

  IBM S/390 architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_s390.deb
      Size/MD5 checksum:   392194 06512a9f37536e2e35c1f86005fd5756
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_s390.deb
      Size/MD5 checksum:   639284 4da689aa738e0a4d9e2cd8f706ba43d2
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_s390.deb
      Size/MD5 checksum:   413366 86da87c92f1683a5fc28f48a81a8fdea

  Sun Sparc architecture:

     http://security.debian.org/pool/updates/main/g/gaim/gaim_0.58-2.2_sparc.deb
      Size/MD5 checksum:   409692 235cd54de30bc2350327f9f23402c2b3
     http://security.debian.org/pool/updates/main/g/gaim/gaim-common_0.58-2.2_sparc.deb
      Size/MD5 checksum:   653688 7db26ec6875eb42c7a655fb9622f0128
     http://security.debian.org/pool/updates/main/g/gaim/gaim-gnome_0.58-2.2_sparc.deb
      Size/MD5 checksum:   428526 3e4ecedebe2eeaa38c4857f5a37816dc


  These files will probably be moved into the stable distribution on
  its next revision.

---------------------------------------------------------------------------------
For apt-get: deb  http://security.debian.org/ stable/updates main
For dpkg-ftp:  ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and  http://packages.debian.org/