Executive Summary
Summary | |
---|---|
Title | ekg and Gadu library vulnerabilities |
Information | |||
---|---|---|---|
Name | USN-162-1 | First vendor Publication | 2005-08-08 |
Vendor | Ubuntu | Last vendor Modification | 2005-08-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
A security issue affects the following Ubuntu releases: Ubuntu 5.04 (Hoary Hedgehog).

The following packages are affected: ekg, libgadu3.

The problem can be corrected by upgrading the affected package to version 1:1.5-4ubuntu1.2. In general, a standard system upgrade is sufficient to effect the necessary changes. If you use the Instant Messaging application "Kopete", you need to restart it after the upgrade since it uses the libgadu3 library package.

Details follow:

Marcin Owsiany and Wojtek Kaniewski discovered that some contributed scripts (contrib/ekgh, contrib/ekgnv.sh, and contrib/getekg.sh) in the ekg package created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the script. (CAN-2005-1850)

Marcin Owsiany and Wojtek Kaniewski discovered a shell command injection vulnerability in a contributed utility (contrib/scripts/ekgbot-pre1.py). By sending specially crafted content to the bot, an attacker could exploit this to execute arbitrary code with the privileges of the user running ekgbot. (CAN-2005-1851)

Marcin Ślusarz discovered an integer overflow in the Gadu library. By sending a specially crafted incoming message, a remote attacker could execute arbitrary code with the privileges of the application using libgadu. (CAN-2005-1852)

Eric Romang discovered that another contributed script (contrib/scripts/linki.py) created temporary files in an insecure way, which allowed exploitation of a race condition to create or overwrite files with the privileges of the user invoking the script. (CAN-2005-1916)

Grzegorz Jaśkiewicz discovered several integer overflows in the Gadu library. A remote attacker could exploit this to crash the Gadu client application or even execute arbitrary code with the privileges of the user by sending specially crafted messages. (CAN-2005-2369)

Szymon Zygmunt and Michał Bartoszkiewicz discovered a memory alignment error in the Gadu library. By sending specially crafted messages, a remote attacker could crash the application using the library. (CAN-2005-2370)

Marcin Ślusarz discovered that the Gadu library did not properly handle endianness conversion in some cases. This caused invalid behavior on big-endian architectures. The only affected supported architecture is powerpc. (CAN-2005-2448)
Original Source
Url : http://www.ubuntu.com/usn/USN-162-1 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-27 | Leveraging Race Conditions via Symbolic Links |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-399 | Resource Management Errors |
33 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
33 % | CWE-59 | Improper Link Resolution Before File Access ('Link Following') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:10281 | |||
Oval ID: | oval:org.mitre.oval:def:10281 | ||
Title: | Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. | ||
Description: | Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2369 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:10456 | |||
Oval ID: | oval:org.mitre.oval:def:10456 | ||
Title: | Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. | ||
Description: | Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2370 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:11263 | |||
Oval ID: | oval:org.mitre.oval:def:11263 | ||
Title: | Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. | ||
Description: | Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-2448 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:9532 | |||
Oval ID: | oval:org.mitre.oval:def:9532 | ||
Title: | Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | ||
Description: | Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message. | ||
Family: | unix | Class: | vulnerability |
Reference(s): | CVE-2005-1852 | Version: | 5 |
Platform(s): | Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
OpenVAS Exploits
Date | Description |
---|---|
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-23 (kopete) File : nvt/glsa_200507_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200507-26 (gnugadu centericq kadu ekg libgadu) File : nvt/glsa_200507_26.nasl |
2008-09-04 | Name : FreeBSD Ports: gaim, ja-gaim, ko-gaim, ru-gaim File : nvt/freebsd_gaim16.nasl |
2008-09-04 | Name : FreeBSD Ports: pl-ekg File : nvt/freebsd_pl-ekg.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1318-1 (ekg) File : nvt/deb_1318_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 760-1 (ekg) File : nvt/deb_760_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 767-1 (ekg) File : nvt/deb_767_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 769-1 (gaim) File : nvt/deb_769_1.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 813-1 (centericq) File : nvt/deb_813_1.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2005-242-03 gaim File : nvt/esoft_slk_ssa_2005_242_03.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
18127 | libgadu on Big-Endian Architecture Unspecified Issue |
18126 | libgadu on SPARC Incoming Message Memory Alignment Error |
18125 | libgadu Data Processing Multiple Signedness Errors |
18124 | libgadu Unspecified Incoming Message Overflow |
18072 | ekg Unspecified Contributed Script Insecure Temporary File Creation |
18071 | ekg Unspecified Contributed Script Arbitrary Command Execution |
17722 | ekg linki.py Add-on Symlink Arbitrary File Manipulation. Eksperymentalny Klient Gadu-Gadu (EKG) contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to the czyjest and handle_keypress() functions in the contrib/scripts/linki.py script creating temporary files insecurely. It is possible for a user to use a symlink style attack from a critical EKG file to the /tmp/rmrmg_ekg_url file. When EKG is run, the temporary symlink file is activated with the privileges of the user running EKG, resulting in a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2012-01-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-773.nasl - Type : ACT_GATHER_INFO |
2007-06-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1318.nasl - Type : ACT_GATHER_INFO |
2006-07-05 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2005-639.nasl - Type : ACT_GATHER_INFO |
2006-07-03 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2005-627.nasl - Type : ACT_GATHER_INFO |
2006-05-13 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_3b4a69820b2411dabc080001020eed82.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-168-1.nasl - Type : ACT_GATHER_INFO |
2006-01-15 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-162-1.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2005-139.nasl - Type : ACT_GATHER_INFO |
2005-10-05 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2005-242-03.nasl - Type : ACT_GATHER_INFO |
2005-09-17 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-813.nasl - Type : ACT_GATHER_INFO |
2005-08-12 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2005-627.nasl - Type : ACT_GATHER_INFO |
2005-08-01 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_9a035a56eff011d983100001020eed82.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-769.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-767.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-23.nasl - Type : ACT_GATHER_INFO |
2005-07-31 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200507-26.nasl - Type : ACT_GATHER_INFO |
2005-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-623.nasl - Type : ACT_GATHER_INFO |
2005-07-24 | Name : The remote Fedora Core host is missing a security update. File : fedora_2005-624.nasl - Type : ACT_GATHER_INFO |
2005-07-22 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2005-639.nasl - Type : ACT_GATHER_INFO |
2005-07-19 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-760.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 12:01:00 | |
2013-05-11 12:25:08 | |