Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Ekiga vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | USN-426-1 | First vendor Publication | 2007-02-22 |
| Vendor | Ubuntu | Last vendor Modification | 2007-02-22 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| A security issue affects the following Ubuntu releases: Ubuntu 5.10 Ubuntu 6.06 LTS Ubuntu 6.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 5.10: Ubuntu 6.06 LTS: Ubuntu 6.10: After a standard system upgrade you need to restart Ekiga to effect the necessary changes. Details follow: Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges. |
Original Source
| Url : http://www.ubuntu.com/usn/USN-426-1 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-134 | Uncontrolled Format String (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:11642 | |||
| Oval ID: | oval:org.mitre.oval:def:11642 | ||
| Title: | Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | ||
| Description: | Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1006 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:11776 | |||
| Oval ID: | oval:org.mitre.oval:def:11776 | ||
| Title: | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | ||
| Description: | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | ||
| Family: | unix | Class: | vulnerability |
| Reference(s): | CVE-2007-1007 | Version: | 5 |
| Platform(s): | Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:22695 | |||
| Oval ID: | oval:org.mitre.oval:def:22695 | ||
| Title: | ELSA-2007:0087: ekiga security update (Critical) | ||
| Description: | Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. | ||
| Family: | unix | Class: | patch |
| Reference(s): | ELSA-2007:0087-02 CVE-2007-0999 CVE-2007-1006 | Version: | 13 |
| Platform(s): | Oracle Linux 5 | Product(s): | ekiga |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-04-09 | Name : Mandriva Update for ekiga MDKSA-2007:044 (ekiga) File : nvt/gb_mandriva_MDKSA_2007_044.nasl |
| 2009-04-09 | Name : Mandriva Update for ekiga MDKSA-2007:058 (ekiga) File : nvt/gb_mandriva_MDKSA_2007_058.nasl |
| 2009-03-23 | Name : Ubuntu Update for ekiga, gnomemeeting vulnerabilities USN-426-1 File : nvt/gb_ubuntu_USN_426_1.nasl |
| 2009-03-23 | Name : Ubuntu Update for ekiga, gnomemeeting vulnerability USN-434-1 File : nvt/gb_ubuntu_USN_434_1.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200703-25 (ekiga) File : nvt/glsa_200703_25.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 1262-1 (gnomemeeting) File : nvt/deb_1262_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 32083 | GnomeMeeting gnomemeeting_log_insert name Variable Format String |
| 31939 | Ekiga Softphone gm_main_window_flash_message() Format String Ekiga softphone contains a flaw that may allow a malicious user to execute arbitrary code resulting in a loss of integrity. This issue is caused due to a format string error within the 'gm_main_window_flash_message()' function in src/endpoints/urlhandler.cpp, src/endpoints/manager.cpp and src/endpoints/sip.cpp. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2013-07-12 | Name : The remote Oracle Linux host is missing a security update. File : oraclelinux_ELSA-2007-0086.nasl - Type : ACT_GATHER_INFO |
| 2013-01-24 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0087.nasl - Type : ACT_GATHER_INFO |
| 2007-12-13 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_gnomemeeting-3163.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-426-1.nasl - Type : ACT_GATHER_INFO |
| 2007-11-10 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-434-1.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_ekiga-3023.nasl - Type : ACT_GATHER_INFO |
| 2007-10-17 | Name : The remote openSUSE host is missing a security update. File : suse_gnomemeeting-3162.nasl - Type : ACT_GATHER_INFO |
| 2007-04-05 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200703-25.nasl - Type : ACT_GATHER_INFO |
| 2007-03-12 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-058.nasl - Type : ACT_GATHER_INFO |
| 2007-03-06 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1262.nasl - Type : ACT_GATHER_INFO |
| 2007-02-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-262.nasl - Type : ACT_GATHER_INFO |
| 2007-02-23 | Name : The remote Fedora Core host is missing a security update. File : fedora_2007-263.nasl - Type : ACT_GATHER_INFO |
| 2007-02-22 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2007-044.nasl - Type : ACT_GATHER_INFO |
| 2007-02-21 | Name : The remote CentOS host is missing a security update. File : centos_RHSA-2007-0086.nasl - Type : ACT_GATHER_INFO |
| 2007-02-21 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2007-0086.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 12:04:11 |
|
