Vulnerabilities > CVE-2007-1007
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. Failed exploit attempts will like result in a system level denial-of-service condition. The product "GnomeMeeting" is now called "Ekiga".
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| OS | 8 |
Nessus
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2007-0086.NASL description Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24674 published 2007-02-21 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24674 title CentOS 3 / 4 : gnomemeeting (CESA-2007:0086) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0086 and # CentOS Errata and Security Advisory 2007:0086 respectively. # include("compat.inc"); if (description) { script_id(24674); script_version("1.16"); script_cvs_date("Date: 2019/10/25 13:36:03"); script_cve_id("CVE-2007-1007"); script_bugtraq_id(22613); script_xref(name:"RHSA", value:"2007:0086"); script_name(english:"CentOS 3 / 4 : gnomemeeting (CESA-2007:0086)"); script_summary(english:"Checks rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue." ); # https://lists.centos.org/pipermail/centos-announce/2007-February/013549.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b6d5d866" ); # https://lists.centos.org/pipermail/centos-announce/2007-February/013550.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?7ae913b2" ); # https://lists.centos.org/pipermail/centos-announce/2007-February/013551.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?834826ec" ); # https://lists.centos.org/pipermail/centos-announce/2007-February/013552.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c74fc2f5" ); # https://lists.centos.org/pipermail/centos-announce/2007-February/013556.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?f3a26653" ); # https://lists.centos.org/pipermail/centos-announce/2007-February/013557.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ef76e81d" ); script_set_attribute( attribute:"solution", value:"Update the affected gnomemeeting package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:gnomemeeting"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/20"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x / 4.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-3", reference:"gnomemeeting-0.96.0-5")) flag++; if (rpm_check(release:"CentOS-4", reference:"gnomemeeting-1.0.2-9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnomemeeting"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2007-0086.NASL description Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 24678 published 2007-02-21 reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/24678 title RHEL 3 / 4 : gnomemeeting (RHSA-2007:0086) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2007:0086. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(24678); script_version ("1.23"); script_cvs_date("Date: 2019/10/25 13:36:12"); script_cve_id("CVE-2007-1007"); script_bugtraq_id(22613); script_xref(name:"RHSA", value:"2007:0086"); script_name(english:"RHEL 3 / 4 : gnomemeeting (RHSA-2007:0086)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2007-1007" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2007:0086" ); script_set_attribute( attribute:"solution", value:"Update the affected gnomemeeting package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnomemeeting"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4"); script_set_attribute(attribute:"vuln_publication_date", value:"2007/02/20"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/21"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^(3|4)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x / 4.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2007:0086"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL3", reference:"gnomemeeting-0.96.0-5")) flag++; if (rpm_check(release:"RHEL4", reference:"gnomemeeting-1.0.2-9")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnomemeeting"); } }NASL family SuSE Local Security Checks NASL id SUSE_GNOMEMEETING-3162.NASL description This update fixes format string problems in gnomemeeting. (CVE-2007-1007) last seen 2020-06-01 modified 2020-06-02 plugin id 27241 published 2007-10-17 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/27241 title openSUSE 10 Security Update : gnomemeeting (gnomemeeting-3162) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update gnomemeeting-3162. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(27241); script_version ("1.12"); script_cvs_date("Date: 2019/10/25 13:36:29"); script_cve_id("CVE-2007-1007"); script_name(english:"openSUSE 10 Security Update : gnomemeeting (gnomemeeting-3162)"); script_summary(english:"Check for the gnomemeeting-3162 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes format string problems in gnomemeeting. (CVE-2007-1007)" ); script_set_attribute( attribute:"solution", value:"Update the affected gnomemeeting package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gnomemeeting"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:10.1"); script_set_attribute(attribute:"patch_publication_date", value:"2007/04/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/10/17"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE10\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "10.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE10.1", reference:"gnomemeeting-1.2.2-24.8") ) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnomemeeting"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-426-1.NASL description Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user last seen 2020-06-01 modified 2020-06-02 plugin id 28019 published 2007-11-10 reporter Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/28019 title Ubuntu 5.10 / 6.06 LTS / 6.10 : ekiga, gnomemeeting vulnerabilities (USN-426-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-426-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(28019); script_version("1.14"); script_cvs_date("Date: 2019/08/02 13:33:01"); script_cve_id("CVE-2007-1006", "CVE-2007-1007"); script_xref(name:"USN", value:"426-1"); script_name(english:"Ubuntu 5.10 / 6.06 LTS / 6.10 : ekiga, gnomemeeting vulnerabilities (USN-426-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/426-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected ekiga and / or gnomemeeting packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ekiga"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gnomemeeting"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.10"); script_set_attribute(attribute:"patch_publication_date", value:"2007/02/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2007/11/10"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! ereg(pattern:"^(5\.10|6\.06|6\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 5.10 / 6.06 / 6.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"5.10", pkgname:"gnomemeeting", pkgver:"1.2.2-1ubuntu1.1")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"ekiga", pkgver:"2.0.1-0ubuntu6.1")) flag++; if (ubuntu_check(osver:"6.10", pkgname:"ekiga", pkgver:"2.0.3-0ubuntu3.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ekiga / gnomemeeting"); }NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2007-0086.NASL description From Red Hat Security Advisory 2007:0086 : Updated gnomemeeting packages that fix a security issue are now available for Red Hat Enterprise Linux. This update has been rated as having critical security impact by the Red Hat Security Response Team. GnomeMeeting is a tool to communicate with video and audio over the Internet. A format string flaw was found in the way GnomeMeeting processes certain messages. If a user is running GnomeMeeting, a remote attacker who can connect to GnomeMeeting could trigger this flaw and potentially execute arbitrary code with the privileges of the user. (CVE-2007-1007) Users of GnomeMeeting should upgrade to these updated packages which contain a backported patch to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 67457 published 2013-07-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/67457 title Oracle Linux 3 / 4 : gnomemeeting (ELSA-2007-0086) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1262.NASL description 'Mu Security last seen 2020-06-01 modified 2020-06-02 plugin id 24765 published 2007-03-06 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/24765 title Debian DSA-1262-1 : gnomemeeting - format string NASL family SuSE Local Security Checks NASL id SUSE_GNOMEMEETING-3163.NASL description This update fixes format string problems in gnomemeeting which might be used by remote attackers to crash gnomemeeting and on older distributions potentially execute code. (CVE-2007-1007) last seen 2020-06-01 modified 2020-06-02 plugin id 29446 published 2007-12-13 reporter This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/29446 title SuSE 10 Security Update : gnomemeeting (ZYPP Patch Number 3163)
Oval
| accepted | 2013-04-29T04:15:42.704-04:00 | ||||||||||||||||||||
| class | vulnerability | ||||||||||||||||||||
| contributors |
| ||||||||||||||||||||
| definition_extensions |
| ||||||||||||||||||||
| description | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | ||||||||||||||||||||
| family | unix | ||||||||||||||||||||
| id | oval:org.mitre.oval:def:11776 | ||||||||||||||||||||
| status | accepted | ||||||||||||||||||||
| submitted | 2010-07-09T03:56:16-04:00 | ||||||||||||||||||||
| title | Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. | ||||||||||||||||||||
| version | 26 |
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc
- http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229266
- http://osvdb.org/32083
- http://secunia.com/advisories/24185
- http://secunia.com/advisories/24271
- http://secunia.com/advisories/24284
- http://secunia.com/advisories/24379
- http://secunia.com/advisories/25119
- http://www.debian.org/security/2007/dsa-1262
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:045
- http://www.novell.com/linux/security/advisories/2007_9_sr.html
- http://www.redhat.com/support/errata/RHSA-2007-0086.html
- http://www.ubuntu.com/usn/usn-426-1
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11776