ID CVE-2005-1852
Summary Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
References
Vulnerable Configurations
  • cpe:2.3:a:ekg:ekg:1.0:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.0_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.0_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.0_rc3:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.0_rc3:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.1:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.1_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.1_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.1_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.1_rc2:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.3:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.4:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.5:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.5:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.5_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.5_rc1:*:*:*:*:*:*:*
  • cpe:2.3:a:ekg:ekg:1.5_rc2:*:*:*:*:*:*:*
    cpe:2.3:a:ekg:ekg:1.5_rc2:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
    cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
    cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*
    cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:o:kde:kde:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:centericq:centericq:*:*:*:*:*:*:*:*
    cpe:2.3:a:centericq:centericq:*:*:*:*:*:*:*:*
  • cpe:2.3:a:kadu:kadu:*:*:*:*:*:*:*:*
    cpe:2.3:a:kadu:kadu:*:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 11-10-2017 - 01:30)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
oval via4
accepted 2013-04-29T04:20:03.505-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
family unix
id oval:org.mitre.oval:def:9532
status accepted
submitted 2010-07-09T03:56:16-04:00
title Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:639
refmap via4
bid 14345
bugtraq 20050721 Multiple vulnerabilities in libgadu and ekg package
confirm http://www.kde.org/info/security/advisory-20050721-1.txt
fedora FEDORA-2005-624
gentoo
  • GLSA-200507-23
  • GLSA-200507-26
secunia
  • 16140
  • 16155
  • 16211
  • 16242
suse SUSE-SR:2005:019
Last major update 11-10-2017 - 01:30
Published 26-07-2005 - 04:00
Back to Top