Gentoo Security Advisory GLSA 200903-26 (tmsnc) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200903-26.

Solution

Since TMSNC is no longer maintained, we recommend that users unmerge the vulnerable package and switch to another console-based MSN client such as CenterIM or Pebrot: # emerge --unmerge 'net-im/tmsnc' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200903-26 http://bugs.gentoo.org/show_bug.cgi?id=229157

Insight

A buffer overflow in TMSNC might lead to the execution of arbitrary code when processing an instant message.

Severity

Classification

CVE CVE-2008-2828

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200405-13 (neon)
Gentoo Security Advisory GLSA 200408-13 (kde, kdebase, kdelibs)
Gentoo Security Advisory GLSA 200408-27 (Gaim)
Gentoo Security Advisory GLSA 200403-09 (mc)
Gentoo Security Advisory GLSA 200409-01 (vpopmail)

Take action and discover your vulnerabilities