ID CVE-2007-1007
Summary Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
References
Vulnerable Configurations
  • cpe:2.3:a:ekiga:ekiga:1.0.2
    cpe:2.3:a:ekiga:ekiga:1.0.2
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_servers
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:advanced_servers
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:3.0:-:workstation
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:advanced_server
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:advanced_server
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:enterprise_server
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:enterprise_server
  • cpe:2.3:o:redhat:enterprise_linux:4.0:-:workstation
    cpe:2.3:o:redhat:enterprise_linux:4.0:-:workstation
  • Red Hat Desktop 3.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:3.0
  • Red Hat Desktop 4.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:4.0
CVSS
Base: 10.0 (as of 20-02-2007 - 16:14)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GNOMEMEETING-3162.NASL
    description This update fixes format string problems in gnomemeeting. (CVE-2007-1007)
    last seen 2018-09-01
    modified 2018-07-19
    plugin id 27241
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27241
    title openSUSE 10 Security Update : gnomemeeting (gnomemeeting-3162)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-426-1.NASL
    description Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 28019
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=28019
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : ekiga, gnomemeeting vulnerabilities (USN-426-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2007-0086.NASL
    description Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-16
    plugin id 24678
    published 2007-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24678
    title RHEL 3 / 4 : gnomemeeting (RHSA-2007:0086)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_GNOMEMEETING-3163.NASL
    description This update fixes format string problems in gnomemeeting which might be used by remote attackers to crash gnomemeeting and on older distributions potentially execute code. (CVE-2007-1007)
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 29446
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29446
    title SuSE 10 Security Update : gnomemeeting (ZYPP Patch Number 3163)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2007-0086.NASL
    description From Red Hat Security Advisory 2007:0086 : Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 67457
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67457
    title Oracle Linux 3 / 4 : gnomemeeting (ELSA-2007-0086)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1262.NASL
    description 'Mu Security' discovered that a format string vulnerability in the VoIP solution GnomeMeeting allows the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-07-20
    plugin id 24765
    published 2007-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24765
    title Debian DSA-1262-1 : gnomemeeting - format string
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2007-0086.NASL
    description Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 24674
    published 2007-02-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24674
    title CentOS 3 / 4 : gnomemeeting (CESA-2007:0086)
oval via4
accepted 2013-04-29T04:15:42.704-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 3
    oval oval:org.mitre.oval:def:11782
  • comment CentOS Linux 3.x
    oval oval:org.mitre.oval:def:16651
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
family unix
id oval:org.mitre.oval:def:11776
status accepted
submitted 2010-07-09T03:56:16-04:00
title Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.
version 23
redhat via4
advisories
bugzilla
id 229266
title CVE-2007-1007 gnomemeeting format string flaw
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • comment gnomemeeting is earlier than 0:0.96.0-5
      oval oval:com.redhat.rhsa:tst:20070086002
    • comment gnomemeeting is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070086003
  • AND
    • comment Red Hat Enterprise Linux 4 is installed
      oval oval:com.redhat.rhsa:tst:20060016001
    • comment gnomemeeting is earlier than 0:1.0.2-9
      oval oval:com.redhat.rhsa:tst:20070086005
    • comment gnomemeeting is signed with Red Hat master key
      oval oval:com.redhat.rhsa:tst:20070086003
rhsa
id RHSA-2007:0086
released 2007-02-20
severity Critical
title RHSA-2007:0086: gnomemeeting security update (Critical)
rpms
  • gnomemeeting-0:0.96.0-5
  • gnomemeeting-0:1.0.2-9
refmap via4
confirm http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229266
debian DSA-1262
mandriva MDKSA-2007:045
osvdb 32083
secunia
  • 24185
  • 24271
  • 24284
  • 24379
  • 25119
sgi 20070201-01-P
suse SUSE-SR:2007:009
ubuntu USN-426-1
Last major update 15-09-2010 - 01:45
Published 20-02-2007 - 12:28
Last modified 10-10-2017 - 21:31
Back to Top