GLSA Veteran

Posted: Fri Mar 30, 2007 3:26 am Post subject: [ GLSA 200703-25 ] Ekiga: Format string vulnerability
Gentoo Linux Security Advisory
Title: Ekiga: Format string vulnerability (GLSA 200703-25)
Severity: high
Exploitable: remote
Date: March 29, 2007
Updated: May 28, 2009
Bug(s): #167643
ID: 200703-25
Synopsis
A format string vulnerability in Ekiga may allow the remote execution of arbitrary code.
Background
Ekiga is an open source VoIP and video conferencing application.
Affected Packages
Package: net-voip/ekiga
Vulnerable: < 2.0.7
Unaffected: >= 2.0.7
Architectures: All supported architectures
Description
Mu Security has discovered that Ekiga fails to implement formatted printing correctly.
Impact
An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a specially crafted Q.931 SETUP packet to a victim.
Workaround
There is no known workaround at this time.
Resolution
All Ekiga users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
References
CVE-2007-1006
Last edited by GLSA on Fri May 29, 2009 4:17 am; edited 1 time in total
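The advisory names the bug class but does not show it. As an added illustration (not Ekiga's code and not part of the advisory), the C example below contrasts the format string defect with its fix and adds a check for directives in peer-supplied text. The function names, the `display_name` field and the log wording are hypothetical, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

/* Count printf conversion directives in untrusted text ("%%" is a literal
 * percent sign and is not counted). A non-zero count in a peer-supplied
 * field is worth logging: such a field has no reason to carry directives. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%')
            s++;            /* skip the escaped percent */
        else
            n++;            /* "%x", "%n", "%s", or a trailing '%' */
    }
    return n;
}

/* VULNERABLE pattern, compiled only with -DSHOW_VULNERABLE: the untrusted
 * string is the format itself, so its directives are interpreted against
 * arguments that were never passed. GCC flags it with -Wformat-security. */
#ifdef SHOW_VULNERABLE
int log_caller_vulnerable(char *out, size_t outlen, const char *display_name)
{
    return snprintf(out, outlen, display_name);
}
#endif

/* FIXED pattern: constant format string, untrusted text passed as data.
 * Directives in display_name are copied verbatim and never interpreted. */
int log_caller_safe(char *out, size_t outlen, const char *display_name)
{
    return snprintf(out, outlen, "Incoming call from %s", display_name);
}

int main(void)
{
    /* Constructed sample input, not taken from a real packet. */
    const char *name = "alice %x %x %n";
    char line[128];

    log_caller_safe(line, sizeof line, name);
    printf("%s (directives seen: %zu)\n", line, count_format_directives(name));
    return 0;
}
```

Building with `-Wformat -Wformat-security -Werror=format-security` turns the vulnerable pattern into a compile error, which catches this class of defect before release.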