Bug 229259 (CVE-2007-1006)

Summary:

CVE-2007-1006 Ekiga format string flaw

Product:

[Other] Security Response

Reporter:

Josh Bressers <bressers>

Component:

vulnerability

Assignee:

Daniel Veillard <veillard>

Status:

CLOSED ERRATA

QA Contact:

Severity:

urgent

Docs Contact:

Priority:

medium

Version:

unspecified

Keywords:

Security

Target Milestone:

---

Target Release:

---

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2007-06-03 23:43:58 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Attachments:

Description	Flags
Upstream patch extracted from SVN	none

Description Josh Bressers 2007-02-19 20:01:46 UTC

A format string flaw was found in the way Ekiga processes certain messages form
remote clients.  This flaw could allow a remote attacker to execute arbitrary
code as the user running Ekiga.

This flaw also affects FC5

Comment 1 Josh Bressers 2007-02-19 20:01:46 UTC

Created attachment 148361 [details]
Upstream patch extracted from SVN

Comment 2 Fedora Update System 2007-02-21 04:18:31 UTC

ekiga-2.0.1-4 has been pushed for fc5, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Comment 3 Fedora Update System 2007-02-21 04:19:00 UTC

ekiga-2.0.5-2.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.