Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2007-6183
Last Modified: 07 Mar 2011 10:02:07
Published: 29 Nov 2007 07:46:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2007-6183

Summary

Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.

Vulnerable Systems

Application

  • Ruby Gnome2 0.16.0


References

VUPEN - ADV-2007-4022

BUGTRAQ - 20071127 Ruby/Gnome2 0.16.0 Format String Vulnerability

CONFIRM - http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2/ruby-gnome2/trunk/gtk/src/rbgtkmessagedialog.c?view=log

OSVDB - 40774

FEDORA - FEDORA-2007-4229

FEDORA - FEDORA-2007-4216

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=402871

XF - rubygnome2-mdiaginitialize-format-string(38757)

BID - 26616

MANDRIVA - MDVSA-2008:033

DEBIAN - DSA-1431

SREASON - 3407

GENTOO - GLSA-200712-09

SECUNIA - 28060

SECUNIA - 28022

SECUNIA - 27975

SECUNIA - 27825

MISC - http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html

CONFIRM - http://bugs.gentoo.org/show_bug.cgi?id=200623

CONFIRM - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689


Last Updated: 27 May 2016 10:46:24