Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2007-4897

Published: 14/09/2007 Updated: 15/10/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 505
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Ekiga

Vulnerability Summary

pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote malicious users to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

Vulnerable Product Search on Vulmon Subscribe to Product

ekiga ekiga 2.0.5

Vendor Advisories

Ubuntu Security Notice: pwlib vulnerability
Jose Miguel Esparza discovered that pwlib did not correctly handle large string lengths A remote attacker could send specially crafted packets to applications linked against pwlib (eg Ekiga) causing them to crash, leading to a denial of service ...

Exploits

Exploit DB: Ekiga 2.0.5 - 'GetHostAddress' Remote Denial of Service
#!/usr/bin/env python # # Ekiga GetHostAddress Remote Denial of Service Vulnerability (CVE-2007-4897) # # ekiga207_dospy by Jose Miguel Esparza # 2007-09-11 S21sec labs import sys,socket if len(sysargv) != 3: sysexit("Usage: " + sysargv[0] + " target_host target_port\n") target = sysargv[1] targetPort = int(sysargv[2]) malformedRequest = ...
Exploit DB: Ekiga 2.0.5 Denial Of Service
Ekiga GetHostAddress remote denial of service exploit ...

References

CWE-399http://marc.info/?l=full-disclosure&m=118959114522339&w=2http://www.s21sec.com/avisos/s21sec-036-en.txthttp://www.securityfocus.com/bid/25642http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.htmlhttp://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9http://www.mandriva.com/security/advisories?name=MDKSA-2007:206http://www.redhat.com/support/errata/RHSA-2007-0932.htmlhttp://www.securitytracker.com/id?1018683http://secunia.com/advisories/27127http://secunia.com/advisories/27150http://secunia.com/advisories/27518http://securityreason.com/securityalert/3138http://www.ubuntu.com/usn/usn-561-1http://secunia.com/advisories/28385https://bugzilla.redhat.com/show_bug.cgi?id=292831https://exchange.xforce.ibmcloud.com/vulnerabilities/36568https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10928http://www.securityfocus.com/archive/1/479185/100/0/threadedhttps://usn.ubuntu.com/561-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/9241/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTICVE-2024-35863CVE-2024-35910man-in-the-middleCVE-2024-35912CVE-2024-25742LFICVE-2024-32002CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook