Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2007-4897
Last Modified: 13 Jun 2011 12:00:00
Published: 14 Sep 2007 02:17:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2007-4897

Summary

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Vulnerable Systems

Application

  • Ekiga 2.0.5


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=292831

XF - ekiga-sipurlgethostaddress-dos(36568)

UBUNTU - USN-561-1

SECTRACK - 1018683

BID - 25642

BUGTRAQ - 20070912 S21SEC-036-EN Ekiga <= 2.0.5 Denial of service

MISC - http://www.s21sec.com/avisos/s21sec-036-en.txt

REDHAT - RHSA-2007:0932

MANDRIVA - MDKSA-2007:206

SREASON - 3138

SECUNIA - 28385

SECUNIA - 27518

SECUNIA - 27150

SECUNIA - 27127

MISC - http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9

MISC - http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html


Last Updated: 27 May 2016 10:46:00