Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.6
CVE Id: CVE-2005-1686
Last Modified: 21 Aug 2010 12:29:22
Published: 20 May 2005 12:00:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

Summary

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.

Vulnerable Systems

Application

  • Gnome Gedit 2.10.2


References

UBUNTU - USN-138-1

REDHAT - RHSA-2005:499

GENTOO - GLSA-200506-09

BUGTRAQ - 20050520 pst.advisory: gedit fun. opensource is god .lol windows

SUSE - SUSE-SA:2005:036

DEBIAN - DSA-753


Last Updated: 27 May 2016 10:40:16