CVE-2007-4897 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2007-4897
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2007-4897

Description: pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/36568 UBUNTU http://www.ubuntu.com/usn/usn-561-1 ST 1018683 SREASON http://securityreason.com/securityalert/3138 SAID Secunia Advisory: SA28385 Secunia Advisory: SA27127 Secunia Advisory: SA27150 Secunia Advisory: SA27518 REDHAT http://www.redhat.com/support/errata/RHSA-2007-0932.html MISC http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9 http://www.s21sec.com/avisos/s21sec-036-en.txt MANDRIVA http://www.mandriva.com/security/advisories?name=MDKSA-2007:206 FULLDISC http://marc.info/?l=full-disclosure&m=118959114522339&w=2 CONFIRM BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/479185/100/0/threaded BID 25642

Return to the previous page.