CVE-2007-1007
https://notcve.org/view.php?id=CVE-2007-1007
Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. Vulnerabilidad de cadena de formato en GnomeMeeting 1.0.2 y anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante cadenas de formato en el nombre, que no es tratado adecuadamente en una llamada a la función gnomemeeting_log_insert. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229266 http://osvdb.org/32083 http://secunia.com/advisories/24185 http://secunia.com/advisories/24271 http://secunia.com/advisories/24284 http://secunia.com/advisories/24379 http://secunia.com/advisories/25119 http://www.debian.org/security/2007/dsa-1262 http://www.mandriva.com/security/advisories?name=MDKSA-2007:045 http://www.novell.com/linux •
CVE-2007-1006 – Ekiga format string flaw
https://notcve.org/view.php?id=CVE-2007-1006
Multiple format string vulnerabilities in the gm_main_window_flash_message function in Ekiga before 2.0.5 allow attackers to cause a denial of service and possibly execute arbitrary code via a crafted Q.931 SETUP packet. Múltiples vulnerabilidades de cadena de formato en la función gm_main_window_flash_message en Ekiga versiones anteriores a 2.0.5, permiten a atacantes causar una denegación de servicio y posiblemente ejecutar código arbitrario por medio de un paquete SETUP Q.931 especialmente diseñado. • http://fedoranews.org/cms/node/2682 http://fedoranews.org/cms/node/2683 http://labs.musecurity.com/advisories/MU-200702-01.txt http://mail.gnome.org/archives/ekiga-list/2007-February/msg00060.html http://secunia.com/advisories/24194 http://secunia.com/advisories/24228 http://secunia.com/advisories/24229 http://secunia.com/advisories/24271 http://secunia.com/advisories/24379 http://secunia.com/advisories/24680 http://secunia.com/advisories/25119 http://security.gentoo.or • CWE-134: Use of Externally-Controlled Format String •