Bug 229266 - CVE-2007-1007 gnomemeeting format string flaw
CVE-2007-1007 gnomemeeting format string flaw
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: gnomemeeting (Show other bugs)
All Linux
medium Severity urgent
: ---
: ---
Assigned To: Monty
: Security
Depends On:
  Show dependency treegraph
Reported: 2007-02-19 15:37 EST by Josh Bressers
Modified: 2013-10-20 18:42 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHSA-2007-0086
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-02-20 07:06:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Josh Bressers 2007-02-19 15:37:42 EST
+++ This bug was initially created as a clone of Bug #229259 +++

A format string flaw was found in the way Ekiga processes certain messages form
remote clients.  This flaw could allow a remote attacker to execute arbitrary
code as the user running Ekiga.  This flaw also affects gnomemeeting

This flaw also affects RHEL3
Comment 1 Josh Bressers 2007-02-19 15:44:22 EST
<mjcox> well a case of replacing   gnomemeeting_log_insert (msg); with  
gnomemeeting_log_insert ("%s",msg); etc
Comment 3 Mark J. Cox 2007-02-20 03:56:09 EST
I think it's important to note that the format string flaws in Ekiga are not the
same as the format string flaws in Gnomemeeting, although they are of a similar
root cause..  In Ekiga this occurs because the remote name is passed to a
display function as a format string, in GnomeMeeting because the remote name is
passed to a logging function as a format string.  Therefore there are two CVE
names even though the way to trigger these flaws is the same (connect with a
malicious name).
Comment 5 Red Hat Bugzilla 2007-02-20 07:06:15 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.