FrSIRT - Fedora Security Update Fixes Ekiga Format String Remote Code Execution Vulnerability / Exploit (Security Advisories)

French Security Incident Response Team

French

English

Fedora Security Update Fixes Ekiga Format String Remote Code Execution Vulnerability

Title : Fedora Security Update Fixes Ekiga Format String Remote Code Execution Vulnerability
Advisory ID : FrSIRT/ADV-2007-0684
CVE ID : CVE-2007-1007
Rated as : High Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-02-21

Advisory Details

Description

Affected Products

Solution

References

Technical Description

Fedora has released security updates to address a vulnerability identified in Ekiga [...]

Solution

Upgrade the affected packages :

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/5/

3a002a3c4871e8cfbc88e8970e15f6ae58e6c333 SRPMS/ekiga-2.0.1-5.src.rpm
3a002a3c4871e8cfbc88e8970e15f6ae58e6c333 noarch/ekiga-2.0.1-5.src.rpm
d68463331e1c3d61c3f0361083db13ce1479fdef ppc/debug/ekiga-debuginfo-2.0.1-5.ppc.rpm
e4f55843e13f7a0fd30be080680413b6f3ff105c ppc/ekiga-2.0.1-5.ppc.rpm
cdbfede724ffc3fd04f33af28d20a9c40e8984cb x86_64/ekiga-2.0.1-5.x86_64.rpm
48c8697b20343088e4b2276ce60b8ef2515377b5 x86_64/debug/ekiga-debuginfo-2.0.1-5.x86_64.rpm
11d446468ac7c58d190a5745d49e478d27a6aa9f i386/ekiga-2.0.1-5.i386.rpm
dcc74c1c9f127303c3ba2fad3df5b4aafe2ec6fc i386/debug/ekiga-debuginfo-2.0.1-5.i386.rpm

http://download.fedora.redhat.com/pub/fedora/linux/core/updates/6/

aae17ac2d76c1ccdcc37fd940bcbd135eff0bb78 SRPMS/ekiga-2.0.5-3.fc6.src.rpm
aae17ac2d76c1ccdcc37fd940bcbd135eff0bb78 noarch/ekiga-2.0.5-3.fc6.src.rpm
091ec23c3c9b176f52bb686a1d7d0e2d26801ffe ppc/ekiga-2.0.5-3.fc6.ppc.rpm
0a74af03597931633c41cbe3bc3861a4a73e0af7 ppc/debug/ekiga-debuginfo-2.0.5-3.fc6.ppc.rpm
226d8318a82b4ee92cba1f6e0a155cef5bc6dad5 x86_64/debug/ekiga-debuginfo-2.0.5-3.fc6.x86_64.rpm
c53b00ffef5a40a36a3c4e430e9011c239d7d2fa x86_64/ekiga-2.0.5-3.fc6.x86_64.rpm
5a345f12b2d0ce0ad310a4b2547acc72c0a7f9fa i386/debug/ekiga-debuginfo-2.0.5-3.fc6.i386.rpm
d303f0db1982e5825a1aa0751475c0a839d2d204 i386/ekiga-2.0.5-3.fc6.i386.rpm

ChangeLog

2007-02-21 : Initial release
2007-03-07 : Updated Solution

Vulnerability Management

Subscribe to FrSIRT VNS and receive real-time e-mail and SMS alerts when new vulnerabilities, exploits, or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form or by email to updates@frsirt.com.

Mailinglist

	Oracle and BEA Products Multiple Code Execution Vulnerabilities
	Oracle Products Multiple Code Execution and Security Bypass Issues
	Oracle Products Command Execution and SQL Injection Vulnerabilities
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle Database "PITRIG_DROPMETADATA" Buffer Overflow Vulnerability
	Oracle Products Multiple Code Execution and SQL Injection Vulnerabilities
	Oracle JInitiator ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities

	Apple iPhone and iPod touch Multiple Code Execution Vulnerabilities
	Apple Safari Code Execution and Security Bypass Vulnerabilities
	Apple iLife and Aperture Image Handling Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple TV Multiple File Processing Code Execution Vulnerabilities
	Apple Mac OS X Code Execution and Security Bypass Vulnerabilities
	Apple iPhone Code Execution and Security Bypass Vulnerabilities

	Cisco IOS/CatOS VLAN Trunking Protocol DoS Vulnerability
	Cisco PIX and ASA Security Bypass and Denial of Service
	Cisco Unity Security Bypass and Denial of Service
	Cisco UCM SIP Remote Denial of Service
	Cisco IOS Denial of Service and Security Bypass Vulnerabilities
	Cisco PIX and ASA Information Disclosure and DoS Vulnerabilities
	Cisco Secure ACS EAP Remote Denial Of Service Vulnerability