Posted: Fri Mar 30, 2007 3:26 am Post subject: [ GLSA 200703-25 ] Ekiga: Format string vulnerability
Gentoo Linux Security Advisory
Title: Ekiga: Format string vulnerability (GLSA 200703-25)
Date: March 29, 2007
Updated: May 28, 2009
A format string vulnerability in Ekiga may allow the remote execution of arbitrary code.
Ekiga is an open source VoIP and video conferencing application.
Vulnerable: < 2.0.7
Unaffected: >= 2.0.7
Architectures: All supported architectures
Mu Security has discovered that Ekiga fails to implement formatted printing correctly.
An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a specially crafted Q.931 SETUP packet to a victim.
There is no known workaround at this time.
All Ekiga users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
Last edited by GLSA on Fri May 29, 2009 4:17 am; edited 1 time in total
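
To confirm whether a host still carries an affected build before or after the upgrade, the following added example (not part of the original advisory or of Portage) classifies installed net-voip/ekiga versions against the 2.0.7 threshold stated above. It assumes the Portage installed-package database lives at /var/db/pkg; the function names are hypothetical, and versions with suffixes such as _rc1 are reported as unknown for manual review.

```shell
#!/bin/sh
# Added example: classify net-voip/ekiga versions against GLSA 200703-25
# (vulnerable: < 2.0.7, unaffected: >= 2.0.7).

FIXED_VERSION="2.0.7"   # threshold taken from the advisory

# ver_lt A B: succeed if dotted numeric version A is strictly lower than B.
# Missing components count as 0, so "2.0" compares as "2.0.0".
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        # Drop the component just read from each side.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# classify PV: print vulnerable, unaffected or unknown for a package version.
classify() {
    # An ebuild revision (-rN) does not change the upstream version.
    v=$(printf '%s' "$1" | sed 's/-r[0-9][0-9]*$//')
    case $v in
        # Anything but digits and dots (_rc1, _p2, letters) needs a human.
        ''|*[!0-9.]*) echo unknown; return ;;
    esac
    if ver_lt "$v" "$FIXED_VERSION"; then echo vulnerable; else echo unaffected; fi
}

# scan_vdb [ROOT]: list installed ekiga versions under ROOT with a verdict.
# ROOT defaults to /var/db/pkg (assumed location of the package database).
scan_vdb() {
    root=${1:-/var/db/pkg}
    for d in "$root"/net-voip/ekiga-[0-9]*; do
        [ -d "$d" ] || continue
        pv=${d##*/ekiga-}
        printf '%s %s\n' "$pv" "$(classify "$pv")"
    done
}

scan_vdb "${1:-/var/db/pkg}"
```

A host with no ekiga installed prints nothing; any line ending in "vulnerable" or "unknown" marks a host that still needs the upgrade command above or a manual check.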