CVE-2007-1006 - Use of Externally-Controlled Format String vulnerability in Ekiga

CVSS 10.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: COMPLETE
Integrity impact: COMPLETE
Availability impact: COMPLETE

Summary

Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. Update to version 2.0.5.

Vulnerable Configurations

Part         Description   Count
Application  Ekiga         1

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Format String Injection
    An attacker includes formatting characters in a string input field on the target application. Most applications assume that users will provide static text and may respond unpredictably to the presence of formatting characters. For example, in certain functions of the C programming language such as printf, the formatting character %s will print the contents of a memory location, expecting this location to identify a string, and the formatting character %n writes the number of characters output so far into a memory location. An attacker can use this to read or write memory locations or files, or simply to manipulate the value of the resulting text in unexpected ways. Reading or writing memory may result in program crashes, and writing memory could result in the execution of arbitrary code if the attacker can write to the program stack.
  • String Format Overflow in syslog()
    This attack targets the format string vulnerabilities in the syslog() function. An attacker would typically inject malicious input in the format string parameter of the syslog function. This is a common problem, and many public vulnerabilities and associated exploits have been posted.
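The Format String Injection entry above describes the bug class behind CVE-2007-1006: a printf-style helper receives attacker-controlled text in its format slot. The C example below is added here and is not Ekiga's code; `flash_message` is a hypothetical stand-in for a status-bar helper like gm_main_window_flash_message, and the block shows the vulnerable call pattern beside the fixed one, plus a small check a defender can run over untrusted display names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style status-bar helper: the first
 * string is a FORMAT, and each '%' directive in it consumes an argument. */
static int flash_message(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* VULNERABLE (the bug class of CVE-2007-1006): the remote display name from
 * the call setup lands in the FORMAT slot, so vsnprintf interprets any '%'
 * directive in it (undefined behaviour; only called with '%'-free names). */
static int notify_call_unsafe(char *out, size_t n, const char *remote_name)
{
    return flash_message(out, n, remote_name);
}

/* FIXED call pattern: the format is a literal and the untrusted name is
 * only a "%s" argument, so its bytes are copied verbatim. */
static int notify_call_safe(char *out, size_t n, const char *remote_name)
{
    return flash_message(out, n, "Incoming call from %s", remote_name);
}

/* Defender-side check: count conversion directives in an untrusted string
 * ("%%" is a literal percent). Non-zero in a display name is a triage hint. */
static int count_directives(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }  /* skip escaped percent */
        count++;
    }
    return count;
}

int main(void)
{
    char buf[64];
    const char *hostile = "Mallory %x %x %n";  /* constructed sample name */
    notify_call_safe(buf, sizeof buf, hostile);
    printf("%s  (directives in name: %d)\n", buf, count_directives(hostile));
    return 0;
}
```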

Nessus

  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-262.NASL
    description: A format string flaw was found in the way Ekiga processes certain messages from remote clients. This flaw could potentially allow a remote attacker to execute arbitrary code as the user running Ekiga. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24693
    published: 2007-02-23
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24693
    title: Fedora Core 5 : ekiga-2.0.1-4 (2007-262)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_EKIGA-3023.NASL
    description: This update fixes format string problems in ekiga. (CVE-2007-1006)
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 27203
    published: 2007-10-17
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/27203
    title: openSUSE 10 Security Update : ekiga (ekiga-3023)
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2007-263.NASL
    description: A format string flaw was found in the way Ekiga processes certain messages. If a user is running Ekiga, a remote attacker who can connect to Ekiga could trigger this flaw and potentially execute arbitrary code with the privileges of the user. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24694
    published: 2007-02-23
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24694
    title: Fedora Core 6 : ekiga-2.0.5-2.fc6 (2007-263)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-044.NASL
    description: A format string flaw was discovered in how ekiga processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga. Updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24687
    published: 2007-02-22
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24687
    title: Mandrake Linux Security Advisory : ekiga (MDKSA-2007:044)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-426-1.NASL
    description: Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 28019
    published: 2007-11-10
    reporter: Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/28019
    title: Ubuntu 5.10 / 6.06 LTS / 6.10 : ekiga, gnomemeeting vulnerabilities (USN-426-1)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200703-25.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200703-25 (Ekiga: Format string vulnerability). Mu Security has discovered that Ekiga fails to implement formatted printing correctly. Impact : An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a specially crafted Q.931 SETUP packet to a victim. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24930
    published: 2007-04-05
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24930
    title: GLSA-200703-25 : Ekiga: Format string vulnerability
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2007-058.NASL
    description: A format string flaw was discovered in how ekiga processes certain messages, which could permit a remote attacker that can connect to ekiga to potentially execute arbitrary code with the privileges of the user running ekiga. This is similar to the previous CVE-2007-1006, but the original evaluation/patches were incomplete. Updated packages have been patched to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 24808
    published: 2007-03-12
    reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/24808
    title: Mandrake Linux Security Advisory : ekiga (MDKSA-2007:058)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2007-0087.NASL
    description: Updated ekiga packages that fix security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Ekiga is a tool to communicate with video and audio over the Internet. Format string flaws were found in the way Ekiga processes certain messages. If a user is running Ekiga, a remote attacker who can connect to Ekiga could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-0999, CVE-2007-1006) Users of Ekiga should upgrade to these updated packages, which contain a backported patch to correct this issue.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63840
    published: 2013-01-24
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/63840
    title: RHEL 5 : ekiga (RHSA-2007:0087)

Oval

accepted: 2013-04-29T04:15:09.141-04:00
class: vulnerability
contributors
  • name: Aharon Chernin
    organization: SCAP.com, LLC
  • name: Dragos Prisaca
    organization: G2, Inc.
definition_extensions
  • comment: The operating system installed on the system is Red Hat Enterprise Linux 5
    oval: oval:org.mitre.oval:def:11414
  • comment: The operating system installed on the system is CentOS Linux 5.x
    oval: oval:org.mitre.oval:def:15802
  • comment: Oracle Linux 5.x
    oval: oval:org.mitre.oval:def:15459
description: Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.
family: unix
id: oval:org.mitre.oval:def:11642
status: accepted
submitted: 2010-07-09T03:56:16-04:00
title: Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet.
version: 19

Redhat

advisories
bugzilla
id: 229262
title: CVE-2007-0999 Ekiga format string flaw (CVE-2007-1006)
oval
OR
  • comment: Red Hat Enterprise Linux must be installed
    oval: oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment: Red Hat Enterprise Linux 5 is installed
      oval: oval:com.redhat.rhba:tst:20070331005
    • comment: ekiga is earlier than 0:2.0.2-7.0.2
      oval: oval:com.redhat.rhsa:tst:20070087001
    • comment: ekiga is signed with Red Hat redhatrelease key
      oval: oval:com.redhat.rhsa:tst:20070087002
rhsa
id: RHSA-2007:0087
released: 2007-03-14
severity: Critical
title: RHSA-2007:0087: ekiga security update (Critical)
rpms
  • ekiga-0:2.0.2-7.0.2
  • ekiga-debuginfo-0:2.0.2-7.0.2