ID CVE-2007-4897
Summary pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).
References
Vulnerable Configurations
  • cpe:2.3:a:ekiga:ekiga:2.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:ekiga:ekiga:2.0.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 15-10-2018 - 21:38)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
oval via4
accepted 2013-04-29T04:10:01.852-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 5
    oval oval:org.mitre.oval:def:11414
  • comment The operating system installed on the system is CentOS Linux 5.x
    oval oval:org.mitre.oval:def:15802
  • comment Oracle Linux 5.x
    oval oval:org.mitre.oval:def:15459
description pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).
family unix
id oval:org.mitre.oval:def:10928
status accepted
submitted 2010-07-09T03:56:16-04:00
title pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).
version 19
redhat via4
advisories
bugzilla
id 292831
title CVE-2007-4897 ekiga GetHostAddress remote DoS
oval
AND
  • comment Red Hat Enterprise Linux 5 is installed
    oval oval:com.redhat.rhba:tst:20070331001
  • OR
    • AND
      • comment pwlib is earlier than 0:1.10.1-7.0.1.el5
        oval oval:com.redhat.rhsa:tst:20070932002
      • comment pwlib is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070932003
    • AND
      • comment pwlib-devel is earlier than 0:1.10.1-7.0.1.el5
        oval oval:com.redhat.rhsa:tst:20070932004
      • comment pwlib-devel is signed with Red Hat redhatrelease key
        oval oval:com.redhat.rhsa:tst:20070932005
rhsa
id RHSA-2007:0932
released 2007-10-08
severity Moderate
title RHSA-2007:0932: pwlib security update (Moderate)
rpms
  • pwlib-0:1.10.1-7.0.1.el5
  • pwlib-devel-0:1.10.1-7.0.1.el5
refmap via4
bid 25642
bugtraq 20070912 S21SEC-036-EN Ekiga <= 2.0.5 Denial of service
confirm https://bugzilla.redhat.com/show_bug.cgi?id=292831
fulldisc 20070912 S21SEC-036-EN Ekiga <= 2.0.5 Denial of service
mandriva MDKSA-2007:206
misc
sectrack 1018683
secunia
  • 27127
  • 27150
  • 27518
  • 28385
sreason 3138
ubuntu USN-561-1
xf ekiga-sipurlgethostaddress-dos(36568)
Last major update 15-10-2018 - 21:38
Published 14-09-2007 - 18:17
Back to Top