REDHAT-BUG-292831
First published: Mon Sep 17 2007(Updated: )
Common Vulnerabilities and Exposures assigned an identifier <a href="https://access.redhat.com/security/cve/CVE-2007-4897">CVE-2007-4897</a> to the following vulnerability: The SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting) 2.0.5 and earlier allows remote attackers to cause a denial of service (application crash) via unspecified vectors, related to "bad management of memory allocation." References: <a href="http://www.securityfocus.com/bid/25642">http://www.securityfocus.com/bid/25642</a> <a href="http://www.s21sec.com/avisos/s21sec-036-en.txt">http://www.s21sec.com/avisos/s21sec-036-en.txt</a> <a href="http://marc.info/?l=full-disclosure&m=118959114522339&w=2">http://marc.info/?l=full-disclosure&m=118959114522339&w=2</a> Note: Advisory posted to full-disclosure stated versions 2.0.5 and prior are vulnerable. s21sec site seems to have updated advisory stating version 2.0.7 is also vulnerable.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ekiga | <2.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2007-4897
- http://www.securityfocus.com/bid/25642
- http://www.s21sec.com/avisos/s21sec-036-en.txt
- http://marc.info/?l=full-disclosure&m=118959114522339&w=2
- http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html
- http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9
- http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
- http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20&pathrev=Phobos
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=292831#c4
- https://access.redhat.com/security/cve/CVE-2007-4924
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=209771&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=209771&action=edit
- http://rhn.redhat.com/errata/RHSA-2007-0932.html
- https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2245
- https://bugzilla.redhat.com/show_bug.cgi?id=292831
Frequently Asked Questions
What is the severity of REDHAT-BUG-292831?
The vulnerability REDHAT-BUG-292831 is considered to be of medium severity due to its potential for causing denial of service.
How do I fix REDHAT-BUG-292831?
To fix REDHAT-BUG-292831, update Ekiga to version 2.0.8 or later, which addresses the vulnerability.
Which versions of Ekiga are affected by REDHAT-BUG-292831?
Ekiga versions 2.0.5 and earlier are affected by the vulnerability REDHAT-BUG-292831.
What type of vulnerability is REDHAT-BUG-292831?
REDHAT-BUG-292831 is categorized as a denial of service vulnerability.
Who can exploit the REDHAT-BUG-292831 vulnerability?
Remote attackers can exploit the REDHAT-BUG-292831 vulnerability to disrupt service availability.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2007-4897
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ekiga
- canonical/ekiga