CERTA-2004-AVI-037

Vulnerability from certfr_avis - Published: - Updated:

Des vulnérabilités ont été découvertes dans la bibliothèque PWLib.

Description

Des tests proposés par le National Infrastructure Security Co-ordination Center (NISCC) sur le protocole H.225 (qui fait partie de la famille des protocoles H.323) ont mis en évidence des vulnérabilités dans la bibliothèque PWLib.

Ces vulnérabilités peuvent être exploitées par un utilisateur mal intentionné envoyant un message malicieusement forgé.

Solution

Contacter votre éditeur pour obtenir une mise à jour.

Versions de la bibliothèque PWLib antérieures à la 1.6.0.

Impacted products
Vendor Product Description
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eVersions de la biblioth\u00e8que PWLib  ant\u00e9rieures \u00e0 la 1.6.0.\u003c/p\u003e",
  "content": "## Description\n\nDes tests propos\u00e9s par le National Infrastructure Security Co-ordination\nCenter (NISCC) sur le protocole H.225 (qui fait partie de la famille des\nprotocoles H.323) ont mis en \u00e9vidence des vuln\u00e9rabilit\u00e9s dans la\nbiblioth\u00e8que PWLib.  \n\nCes vuln\u00e9rabilit\u00e9s peuvent \u00eatre exploit\u00e9es par un utilisateur mal\nintentionn\u00e9 envoyant un message malicieusement forg\u00e9.\n\n## Solution\n\nContacter votre \u00e9diteur pour obtenir une mise \u00e0 jour.\n",
  "cves": [],
  "links": [
    {
      "title": "Avis de s\u00e9curit\u00e9 006489/H323 du NISCC :",
      "url": "http://www.uniras.gov.uk/vuls/2004/006489/h323.htm"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Fedora FEDORA-2004-078 du 02 mars 2004 :",
      "url": "http://www.redhat.com/archives/fedora-announce-list/2004-March/msg00004.html"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Mandrake MDKSA-2004:017 du 04 mars 2004 :",
      "url": "http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:017"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 Gentoo GLSA-20040411 du 09 avril 2004 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200404-11.xml"
    },
    {
      "title": "Avis de s\u00e9curit\u00e9 RedHat RHSA-2004:047-04 :",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-047.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 FreeBSD du 22 f\u00e9vrier 2004 :",
      "url": "http://www.vuxml.org/freebsd/"
    }
  ],
  "reference": "CERTA-2004-AVI-037",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-02-13T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 RedHat RHSA-2004:047-04.",
      "revision_date": "2004-02-18T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Fedora FEDORA-2004-078.",
      "revision_date": "2004-03-03T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Mandrake MDKSA-2004:017.",
      "revision_date": "2004-03-04T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 Gentoo GLSA-20040411.",
      "revision_date": "2004-04-13T00:00:00.000000"
    },
    {
      "description": "ajout du bulletin de s\u00e9curit\u00e9 FreeBSD.",
      "revision_date": "2004-05-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans la biblioth\u00e8que PWLib.\n",
  "title": "Vuln\u00e9rabilit\u00e9s de la biblioth\u00e8que PWLib",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Avis de s\u00e9curit\u00e9 RedHat RHSA-2004:048-03",
      "url": "http://rhn.redhat.com/errata/RHSA-2004-048.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.