Red Hat Bugzilla – Bug 292831
CVE-2007-4897 ekiga GetHostAddress remote DoS
Last modified: 2012-06-20 10:35:21 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-4897 to the following vulnerability:
The SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting) 2.0.5 and
earlier allows remote attackers to cause a denial of service (application
crash) via unspecified vectors, related to "bad management of memory
Advisory posted to full-disclosure stated versions 2.0.5 and prior are
vulnerable. s21sec site seems to have updated advisory stating version
2.0.7 is also vulnerable.
s21sec advisory is a bit vague. Their blog contains a bit more info (in Spanish):
Blog entry links following CVS commit as fix to the issue:
Problem lies not in ekiga itself, but in opal library / package.
openh323 used by gnomemeeting in RHEL3 and RHEL4 does not seem to contain
vulnerable code. Hence gnomemeeting (ekiga's predecessor) as shipped in Red Hat
Enterprise Linux 3 and 4 is not vulnerable. cmontgom, could you please correct
me if this assertion is wrong and I've managed to miss something important.
New ekiga version 2.0.10 was released today:
Announcement states this new version fixes this remote crash.
I contacted Damien Sandras this evening. The upstream patch for this
is the following:
Vulnerability fixed in ekiga 2.0.10 and addressed by patch in comment #4 is
different issue - CVE-2007-4924.
Created attachment 209771 [details]
pwlib PString::vsprintf patch
Root cause of the issue seems to lie in the pwlib library in implementation of
PString class. When string is already longer than 1000 characters, call to
(v)sprintf causes memory corruption.
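The failure mode named in the comment above, a formatted append onto a string that is already past 1000 characters, is avoided when the append measures its output before writing. The following is an added example, not the pwlib patch from attachment 209771 and not pwlib code; `struct gstr`, `gstr_vappendf`, `gstr_appendf` and the sample input are hypothetical names and constructed data.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable string; a stand-in, not pwlib's PString. */
struct gstr { char *buf; size_t len, cap; };

/* Append formatted text at the end of s. The space needed is measured first,
 * so no fixed scratch size is assumed. Returns new length, or -1 (s unchanged). */
static long gstr_vappendf(struct gstr *s, const char *fmt, va_list ap)
{
    va_list probe;
    va_copy(probe, ap);
    int need = vsnprintf(NULL, 0, fmt, probe);   /* dry run: count only */
    va_end(probe);
    if (need < 0) return -1;
    size_t want = s->len + (size_t)need + 1;     /* +1 for the NUL */
    if (want <= s->len) return -1;               /* size_t wrap-around */
    if (want > s->cap) {
        char *p = realloc(s->buf, want);
        if (p == NULL) return -1;
        s->buf = p; s->cap = want;
    }
    vsnprintf(s->buf + s->len, s->cap - s->len, fmt, ap);
    s->len += (size_t)need;
    return (long)s->len;
}

static long gstr_appendf(struct gstr *s, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    long r = gstr_vappendf(s, fmt, ap);
    va_end(ap);
    return r;
}

/* Constructed input: 1500 bytes (past the 1000-character mark), then an append. */
static long demo_long_then_append(void)
{
    char big[1501];
    memset(big, 'A', 1500); big[1500] = '\0';
    struct gstr s = {0};
    if (gstr_appendf(&s, "%s", big) != 1500) return -1;
    long n = gstr_appendf(&s, "@%s:%d", "example.invalid", 5060);
    free(s.buf);
    return n;
}

int main(void) { printf("%ld\n", demo_long_then_append()); return 0; }
```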
Fixed in affected products:
Red Hat Enterprise Linux: