Executive Summary
Summary | |
---|---|
Title | New ekg packages fix denial of service |
Information | |||
---|---|---|---|
Name | DSA-1318 | First vendor Publication | 2007-06-22 |
Vendor | Debian | Last vendor Modification | 2007-06-22 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. The Common Vulnerabilities and Exposures project identifies the following problems:

CVE-2005-2370: It was discovered that memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. This only affects Debian Sarge.

CVE-2005-2448: It was discovered that several endianness errors may allow remote attackers to cause a denial of service. This only affects Debian Sarge.

CVE-2007-1663: It was discovered that a memory leak in handling image messages may lead to denial of service. This only affects Debian Etch.

CVE-2007-1664: It was discovered that a null pointer dereference in the token OCR code may lead to denial of service. This only affects Debian Etch.

CVE-2007-1665: It was discovered that a memory leak in the token OCR code may lead to denial of service. This only affects Debian Etch.

For the oldstable distribution (sarge) these problems have been fixed in version 1.5+20050411-7. This update lacks updated packages for the m68k architecture. They will be provided later.

For the stable distribution (etch) these problems have been fixed in version 1:1.7~rc2-1etch1.

For the unstable distribution (sid) these problems have been fixed in version 1:1.7~rc2-2.

We recommend that you upgrade your ekg packages.
Original Source
Url : http://www.debian.org/security/2007/dsa-1318 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10456 | |||
Oval ID: | oval:org.mitre.oval:def:10456 | ||
Title: | Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. | ||
Description: | Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2370 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11263 | |||
Oval ID: | oval:org.mitre.oval:def:11263 | ||
Title: | Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. | ||
Description: | Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2448 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:18946 | |||
Oval ID: | oval:org.mitre.oval:def:18946 | ||
Title: | DSA-1318-1 ekg | ||
Description: | Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-1318-1 CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665 | Version: | 5 |
Platform(s): | Debian GNU/Linux 4.0 | Product(s): | ekg |
OpenVAS Exploits
Date | Description |
---|---|
2009-02-27 | Name : Fedora Update for ekg FEDORA-2007-0791 File : nvt/gb_fedora_2007_0791_ekg_fc7.nasl |
2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim16.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1318-1 (ekg) File : nvt/deb_1318_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 769-1 (gaim) File : nvt/deb_769_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 813-1 (centericq) File : nvt/deb_813_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-242-03 gaim File : nvt/esoft_slk_ssa_2005_242_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
45379 | ekg on Debian Linux Token OCR Functionality Remote Memory Exhaustion DoS |
45378 | ekg on Debian Linux Token OCR Functionality NULL Dereference Remote DoS |
45377 | ekg on Debian Linux Image Message Functionality Remote Memory Exhaustion DoS |
18127 | libgadu on Big-Endian Architecture Unspecified Issue |
18126 | libgadu on SPARC Incoming Message Memory Alignment Error |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2007-11-06 | Name : The remote Fedora host is missing a security update. File : fedora_2007-0791.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1318.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-639.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-627.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3b4a69820b2411dabc080001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-162-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-168-1.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-242-03.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-139.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-813.nasl - Type : ACT_GATHER_INFO |
2005-08-12 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-627.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-769.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-639.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:26:43 |