Vulnerability Details

Ekiga gm_main_window_flash_message Function Multiple Format String Vulnerabilities

  • CNNVD ID: CNNVD-200702-349
  • Severity: Critical
  • CVE ID: CVE-2007-1006
  • Vulnerability type: Format string
  • Published: 2007-02-19
  • Threat type: Remote
  • Updated: 2007-08-03
  • Vendor: ekiga
  • Vulnerability source: The vendor reporte...

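Vulnerability Summary

Multiple format string vulnerabilities exist in the gm_main_window_flash_message function in Ekiga versions before 2.0.5. An attacker can use a specially crafted Q.931 SETUP packet to cause a denial of service and possibly execute arbitrary code.

Vulnerability Advisory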

The vendor has released upgrade patches that fix this security issue. Patch download links:

Ubuntu Ubuntu Linux 6.10 powerpc
  • Ubuntu ekiga_2.0.3-0ubuntu3.1_powerpc.deb Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_powerpc.deb

Ubuntu Ubuntu Linux 6.06 LTS sparc
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_sparc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_sparc.deb

RedHat Fedora Core6
  • RedHat ekiga-2.0.5-2.fc6.i386.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat ekiga-2.0.5-2.fc6.ppc.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat ekiga-2.0.5-2.fc6.src.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat ekiga-2.0.5-2.fc6.x86_64.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat ekiga-debuginfo-2.0.5-2.fc6.i386.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat ekiga-debuginfo-2.0.5-2.fc6.ppc.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat ekiga-debuginfo-2.0.5-2.fc6.x86_64.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

Ubuntu Ubuntu Linux 6.10 sparc
  • Ubuntu ekiga_2.0.3-0ubuntu3.1_sparc.deb Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_sparc.deb

Ubuntu Ubuntu Linux 6.10 i386
  • Ubuntu ekiga_2.0.3-0ubuntu3.1_i386.deb Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_i386.deb

Ubuntu Ubuntu Linux 6.10 amd64
  • Ubuntu ekiga_2.0.3-0ubuntu3.1_amd64.deb Ubuntu 6.10: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.3-0ubuntu3.1_amd64.deb

Ubuntu Ubuntu Linux 6.06 LTS powerpc
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_powerpc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_powerpc.deb

MandrakeSoft Linux Mandrake 2007.0
  • Mandriva ekiga-2.0.3-1.1mdv2007.0.i586.rpm Mandriva Linux 2007.0: http://www.mandriva.com/en/download
  • Mandriva ekiga-2.0.3-1.1mdv2007.0.src.rpm Mandriva Linux 2007.0: http://www.mandriva.com/en/download

Ubuntu Ubuntu Linux 6.06 LTS i386
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_i386.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_i386.deb

Ubuntu Ubuntu Linux 6.06 LTS amd64
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_amd64.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_amd64.deb

Ekiga Gnomemeeting 0.98.5
  • Mandriva gnomemeeting-0.98.5-5.1.C30mdk.i586.rpm Corporate 3.0: http://www.mandriva.com/en/download
  • Mandriva gnomemeeting-0.98.5-5.1.C30mdk.x86_64.rpm Corporate 3.0: http://www.mandriva.com/en/download

Ekiga Gnomemeeting 1.2.2
  • Ubuntu gnomemeeting_1.2.2-1ubuntu1.1_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_amd64.deb
  • Ubuntu gnomemeeting_1.2.2-1ubuntu1.1_i386.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_i386.deb
  • Ubuntu gnomemeeting_1.2.2-1ubuntu1.1_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_powerpc.deb
  • Ubuntu gnomemeeting_1.2.2-1ubuntu1.1_sparc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_sparc.deb

Ekiga Ekiga 2.0.1
  • RedHat ekiga-2.0.1-5.i386.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat ekiga-2.0.1-5.ppc.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat ekiga-2.0.1-5.src.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat ekiga-2.0.1-5.x86_64.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat ekiga-debuginfo-2.0.1-5.i386.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat ekiga-debuginfo-2.0.1-5.ppc.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat ekiga-debuginfo-2.0.1-5.x86_64.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat Fedora ekiga-2.0.1-4.ppc.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat Fedora ekiga-2.0.1-4.x86_64.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat Fedora ekiga-debuginfo-2.0.1-4.i386.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat Fedora ekiga-debuginfo-2.0.1-4.ppc.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • RedHat Fedora ekiga-debuginfo-2.0.1-4.x86_64.rpm Fedora Core 5 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_amd64.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_amd64.deb
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_i386.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_i386.deb
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_powerpc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_powerpc.deb
  • Ubuntu ekiga_2.0.1-0ubuntu6.1_sparc.deb Ubuntu 6.06 LTS: http://security.ubuntu.com/ubuntu/pool/main/e/ekiga/ekiga_2.0.1-0ubuntu6.1_sparc.deb

Ekiga Ekiga 2.0.2
  • RedHat Fedora ekiga-2.0.5-2.fc6.i386.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat Fedora ekiga-2.0.5-2.fc6.ppc.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat Fedora ekiga-2.0.5-2.fc6.x86_64.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat Fedora ekiga-debuginfo-2.0.5-2.fc6.i386.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat Fedora ekiga-debuginfo-2.0.5-2.fc6.ppc.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/
  • RedHat Fedora ekiga-debuginfo-2.0.5-2.fc6.x86_64.rpm Fedora Core 6 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

Ubuntu Ubuntu Linux 5.10 powerpc
  • Ubuntu gnomemeeting_1.2.2-1ubuntu1.1_powerpc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_powerpc.deb

Ubuntu Ubuntu Linux 5.10 sparc
  • Ubuntu gnomemeeting_1.2.2-1ubuntu1.1_sparc.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_sparc.deb

Ubuntu Ubuntu Linux 5.10 amd64
  • Ubuntu gnomemeeting_1.2.2-1ubuntu1.1_amd64.deb Ubuntu 5.10: http://security.ubuntu.com/ubuntu/pool/main/g/gnomemeeting/gnomemeeting_1.2.2-1ubuntu1.1_amd64.deb

References

  • Source: UBUNTU Name: USN-426-1 Link: http://www.ubuntu.com/usn/usn-426-1
  • Source: SECTRACK Name: 1017673 Link: http://www.securitytracker.com/id?1017673
  • Source: BID Name: 22613 Link: http://www.securityfocus.com/bid/22613
  • Source: REDHAT Name: RHSA-2007:0087 Link: http://www.redhat.com/support/errata/RHSA-2007-0087.html
  • Source: OSVDB Name: 31939 Link: http://www.osvdb.org/31939
  • Source: SUSE Name: SUSE-SR:2007:009 Link: http://www.novell.com/linux/security/advisories/2007_9_sr.html
  • Source: MANDRIVA Name: MDKSA-2007:044 Link: http://www.mandriva.com/security/advisories?name=MDKSA-2007:044
  • Source: VUPEN Name: ADV-2007-0655 Link: http://www.frsirt.com/english/advisories/2007/0655
  • Source: www.ekiga.org Link: http://www.ekiga.org/index.php?rub=10&archive=1
  • Source: DEBIAN Name: DSA-1262 Link: http://www.debian.org/security/2007/dsa-1262
  • Source: GENTOO Name: GLSA-200703-25 Link: http://security.gentoo.org/glsa/glsa-200703-25.xml
  • Source: SECUNIA Name: 25119 Link: http://secunia.com/advisories/25119
  • Source: SECUNIA Name: 24680 Link: http://secunia.com/advisories/24680
  • Source: SECUNIA Name: 24379 Link: http://secunia.com/advisories/24379
  • Source: SECUNIA Name: 24271 Link: http://secunia.com/advisories/24271
  • Source: SECUNIA Name: 24229 Link: http://secunia.com/advisories/24229
  • Source: SECUNIA Name: 24228 Link: http://secunia.com/advisories/24228
  • Source: SECUNIA Name: 24194 Link: http://secunia.com/advisories/24194
  • Source: MLIST Name: [Ekiga-list] 20070213 Ekiga 2.0.5 available Link: http://mail.gnome.org/archives/ekiga-list/2007-February/msg00060.html
  • Source: MISC Link: http://labs.musecurity.com/advisories/MU-200702-01.txt
  • Source: FEDORA Name: FEDORA-2007-263 Link: http://fedoranews.org/cms/node/2683
  • Source: FEDORA Name: FEDORA-2007-262 Link: http://fedoranews.org/cms/node/2682

Affected Entities

Patches

    None available
