Vulnerability CVE-2007-1006

Vulnerability CVE-2007-1006

Published: 2007-02-19 Modified: 2012-02-12

Description:

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.

Type:

CWE-134

(Uncontrolled Format String)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score	Impact Subscore	Exploitability Subscore
10/10	10/10	10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Complete	Complete	Complete

Affected software
Ekiga -> Ekiga

References:

http://www.vupen.com/english/advisories/2007/0655

http://www.ubuntu.com/usn/usn-426-1

http://www.securitytracker.com/id?1017673

http://www.securityfocus.com/bid/22613

http://www.redhat.com/support/errata/RHSA-2007-0087.html

http://www.osvdb.org/31939

http://www.novell.com/linux/security/advisories/2007_9_sr.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:044

http://www.ekiga.org/index.php?rub=10&archive=1

http://www.debian.org/security/2007/dsa-1262

http://security.gentoo.org/glsa/glsa-200703-25.xml

http://secunia.com/advisories/25119

http://secunia.com/advisories/24680

http://secunia.com/advisories/24379

http://secunia.com/advisories/24271

http://secunia.com/advisories/24229

http://secunia.com/advisories/24228

http://secunia.com/advisories/24194

http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11642

http://mail.gnome.org/archives/ekiga-list/2007-February/msg00060.html

http://labs.musecurity.com/advisories/MU-200702-01.txt

http://fedoranews.org/cms/node/2683

http://fedoranews.org/cms/node/2682

Vulnerability CVE-2007-1006

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.

CWE-134

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

10/10

10/10

10/10

Remote

Low

No required

Complete

Complete

Complete

Affected software

References: