+++ This bug was initially created as a clone of Bug #229259 +++ A format string flaw was found in the way Ekiga processes certain messages form remote clients. This flaw could allow a remote attacker to execute arbitrary code as the user running Ekiga. This flaw also affects gnomemeeting This flaw also affects RHEL3
<mjcox> well a case of replacing gnomemeeting_log_insert (msg); with gnomemeeting_log_insert ("%s",msg); etc
I think it's important to note that the format string flaws in Ekiga are not the same as the format string flaws in Gnomemeeting, although they are of a similar root cause.. In Ekiga this occurs because the remote name is passed to a display function as a format string, in GnomeMeeting because the remote name is passed to a logging function as a format string. Therefore there are two CVE names even though the way to trigger these flaws is the same (connect with a malicious name).
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0086.html