CVE-2005-2958 - Format String vulnerability in LibGDA

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL

Summary

Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.

Vulnerable Configurations

Part         Description  Count
Application  Gnome        1

Nessus

  • NASL family: SuSE Local Security Checks
    NASL id: SUSE9_10554.NASL
    description: This update fixes the following security problem: libgda contained two format string bugs in logging routines. Those bugs could potentially indirectly lead to arbitrary code execution via applications that link against libgda and supply data to libgda. (CVE-2005-2958)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 41082
    published: 2009-09-24
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/41082
    title: SuSE9 Security Update : libgda (YOU Patch Number 10554)
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41082);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:28");
    
      script_cve_id("CVE-2005-2958");
    
      script_name(english:"SuSE9 Security Update : libgda (YOU Patch Number 10554)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update fixes the following security problem: libgda contained two
    format string bugs in logging routines. Those bugs could potentially
    indirectly lead to arbitrary code execution via applications that link
    against libgda and supply data to libgda. (CVE-2005-2958)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2005-2958/"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 10554.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/11/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"libgda-1.0.3-54.4")) flag++;
    if (rpm_check(release:"SUSE9", reference:"libgda-devel-1.0.3-54.4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200511-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200511-01 (libgda: Format string vulnerabilities) Steve Kemp discovered two format string vulnerabilities in the gda_log_error and gda_log_message functions. Some applications may pass untrusted input to those functions and be vulnerable. Impact : An attacker could pass malicious input to an application making use of the vulnerable libgda functions, potentially resulting in the execution of arbitrary code with the rights of that application. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20140
    published: 2005-11-04
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20140
    title: GLSA-200511-01 : libgda: Format string vulnerabilities
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-1029.NASL
    description: - Wed Oct 26 2005 Caolan McNamara <caolanm at redhat.com> 1:1.0.4-3.1 - CVE-2005-2958 libgda format string issue Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20164
    published: 2005-11-08
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20164
    title: Fedora Core 3 : libgda-1.0.4-3.1 (2005-1029)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-203.NASL
    description: Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library. The updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20438
    published: 2006-01-15
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20438
    title: Mandrake Linux Security Advisory : gda2.0 (MDKSA-2005:203)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-212-1.NASL
    description: Steve Kemp discovered two format string vulnerabilities in the logging handler of the Gnome database access library. Depending on the application that uses the library, this could have been exploited to execute arbitrary code with the permission of the user running the application. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20630
    published: 2006-01-15
    reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20630
    title: Ubuntu 4.10 / 5.04 / 5.10 : libgda2 vulnerability (USN-212-1)
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-871.NASL
    description: Steve Kemp discovered two format string vulnerabilities in libgda2, the GNOME Data Access library for GNOME2, which may lead to the execution of arbitrary code in programs that use this library.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22737
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22737
    title: Debian DSA-871-2 : libgda2 - format string