Executive Summary
| Summary | |
|---|---|
| Title | New pwlib packages fix multiple vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-448 | First vendor Publication | 2004-02-22 |
| Vendor | Debian | Last vendor Modification | 2004-02-22 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Multiple vulnerabilities were discovered in pwlib, a library used to aid in writing portable applications, whereby a remote attacker could cause a denial of service or potentially execute arbitrary code. This library is most notably used in several applications implementing the H.323 teleconferencing protocol, including the OpenH323 suite, gnomemeeting and asterisk. For the current stable distribution (woody) this problem has been fixed in version 1.2.5-5woody1. For the unstable distribution (sid), this problem will be fixed soon. Refer to Debian bug #233888 for details. We recommend that you update your pwlib package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-448 |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:10056 | |||
| Oval ID: | oval:org.mitre.oval:def:10056 | ||
| Title: | Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | ||
| Description: | Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0097 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:803 | |||
| Oval ID: | oval:org.mitre.oval:def:803 | ||
| Title: | RedHat Code Execution and DoS Vulnerabilities in PWLib | ||
| Description: | Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0097 | Version: | 4 |
| Platform(s): | Red Hat Linux 9 | Product(s): | PWLib |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:826 | |||
| Oval ID: | oval:org.mitre.oval:def:826 | ||
| Title: | RedHat Enterprise 3 Code Execution and DoS Vulnerabilities in PWLib | ||
| Description: | Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2004-0097 | Version: | 4 |
| Platform(s): | Red Hat Enterprise Linux 3 | Product(s): | PWLib |
| Definition Synopsis: | |||
| |||
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200404-11 (dev-libs/pwlib) File : nvt/glsa_200404_11.nasl |
| 2008-09-04 | Name : FreeBSD Ports: pwlib File : nvt/freebsd_pwlib.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 448-1 (pwlib) File : nvt/deb_448_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 3455 | Multiple Vendor H.323 Protocol Multiple Unspecified Issues (PROTOS) |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_27c331d564c711d880e30020ed76ef5a.nasl - Type : ACT_GATHER_INFO |
| 2005-02-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-105.nasl - Type : ACT_GATHER_INFO |
| 2005-02-02 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-106.nasl - Type : ACT_GATHER_INFO |
| 2004-09-29 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-448.nasl - Type : ACT_GATHER_INFO |
| 2004-08-30 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200404-11.nasl - Type : ACT_GATHER_INFO |
| 2004-07-31 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2004-017.nasl - Type : ACT_GATHER_INFO |
| 2004-07-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2004-078.nasl - Type : ACT_GATHER_INFO |
| 2004-07-06 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2004-047.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:07 |
|
