GLSA Advocate
Posted: Fri Mar 30, 2007 3:26 am Post subject: [ GLSA 200703-25 ] Ekiga: Format string vulnerability
Gentoo Linux Security Advisory
Title: Ekiga: Format string vulnerability (GLSA 200703-25)
Severity: high
Exploitable: remote
Date: March 29, 2007
Updated: May 28, 2009
Bug(s): #167643
ID: 200703-25
Synopsis
A format string vulnerability in Ekiga may allow the remote execution of
arbitrary code.
Background
Ekiga is an open source VoIP and video conferencing application.
Affected Packages
Package: net-voip/ekiga
Vulnerable: < 2.0.7
Unaffected: >= 2.0.7
Architectures: All supported architectures
Description
Mu Security has discovered that Ekiga fails to implement formatted
printing correctly.
Impact
An attacker could exploit this vulnerability to crash Ekiga and
potentially execute arbitrary code by sending a specially crafted Q.931
SETUP packet to a victim.
Workaround
There is no known workaround at this time.
Resolution
All Ekiga users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
References
CVE-2007-1006
Last edited by GLSA on Mon Aug 25, 2014 4:24 am; edited 3 times in total
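To confirm whether a host still carries a version in the affected range, before or after the upgrade above, the following added example (not part of the advisory or of Portage) reads the installed-package database and compares each net-voip/ekiga version against the 2.0.7 boundary. It assumes the default database location /var/db/pkg; the function names are chosen here for illustration.

```shell
# Added example (not the GLSA's own code): audit net-voip/ekiga against < 2.0.7.
FIXED="2.0.7"   # first unaffected version, taken from the advisory

# ver_lt A B: succeed if dotted numeric version A sorts before B.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# ekiga_affected VER: 0 = affected (< 2.0.7), 1 = not, 2 = unparseable.
ekiga_affected() {
    v=${1%-r[0-9]*}      # drop the ebuild revision: 2.0.5-r1 -> 2.0.5
    base=${v%%_*}        # split off a suffix:       2.0.7_rc1 -> 2.0.7
    suffix=${v#"$base"}
    case $base in ''|*[!0-9.]*|.*|*.|*..*) return 2 ;; esac
    ver_lt "$base" "$FIXED" && return 0
    [ "$base" = "$FIXED" ] || return 1   # only 2.0.7 itself needs the suffix check
    case $suffix in _alpha*|_beta*|_pre*|_rc*) return 0 ;; esac   # pre-releases
    return 1
}

# installed_ekiga [PKGDB]: list installed versions (one directory per version).
installed_ekiga() {
    for d in "${1:-/var/db/pkg}"/net-voip/ekiga-[0-9]*; do
        [ -d "$d" ] || continue
        echo "${d##*/ekiga-}"
    done
}

# audit_ekiga [PKGDB]: report each version; returns 1 if any is affected/unparsed.
audit_ekiga() {
    rc=0
    for ver in $(installed_ekiga "${1:-}"); do
        st=0; ekiga_affected "$ver" || st=$?
        case $st in
            0) echo "net-voip/ekiga-$ver: AFFECTED by GLSA 200703-25"; rc=1 ;;
            2) echo "net-voip/ekiga-$ver: unparsed version, check manually"; rc=1 ;;
            *) echo "net-voip/ekiga-$ver: not affected" ;;
        esac
    done
    return $rc
}
```

Run `audit_ekiga` with no argument on a Gentoo host; a non-zero return means at least one installed version needs the upgrade or a manual look.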