CVE-2011-1830 – Ekiga attempts to dlopen /tmp/ekiga_test.so
https://notcve.org/view.php?id=CVE-2011-1830
Ekiga versions before 3.3.0 attempted to load a module from /tmp/ekiga_test.so. Las versiones de Ekiga anteriores a la 3.3.0 intentaron cargar un módulo desde /tmp/ekiga_test.so. • https://gitlab.gnome.org/GNOME/ekiga/commit/02654fc949722a78d41fcffac8687d73d8574647 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2012-5621
https://notcve.org/view.php?id=CVE-2012-5621
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings. lib/engine/components/opal/opal-call.cpp en ekiga anterior a 4.0.0 permite a atacantes remotos causar una denegación de servicio (caída) a través de una conexión con un nombre de parte que contiene cadenas UTF-8 inválidas. • http://ftp.gnome.org/pub/gnome/sources/ekiga/4.0/ekiga-4.0.0.news http://seclists.org/oss-sec/2012/q4/407 http://www.securityfocus.com/bid/56790 https://blogs.oracle.com/sunsecurity/entry/cve_2012_5621_denial_of https://bugzilla.redhat.com/show_bug.cgi?id=883058 https://exchange.xforce.ibmcloud.com/vulnerabilities/80640 https://git.gnome.org/browse/ekiga/commit/?id=7d09807257 https://lists.fedoraproject.org/pipermail/package-announce/2013-March/099554.html • CWE-20: Improper Input Validation •
CVE-2013-1864
https://notcve.org/view.php?id=CVE-2013-1864
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted PXML document containing a large number of nested entity references, aka a "billion laughs attack." Portable Tool Library (también conocido como PTLib) anterior a 2.10.10, utilizado en Ekiga anterior a 4.0.1, no detecta debidamente recursión durante expansión de entidad, lo que permite a atacantes remotos causar una denegación de servicio (consumo de memoria y CPU) a través de un documento PXML manipulado que contiene un número grande de referencias de entidad anidadas, también conocido como 'ataque de un billón de risas.' • http://lists.fedoraproject.org/pipermail/package-announce/2013-March/099553.html http://osvdb.org/91439 http://seclists.org/oss-sec/2013/q1/674 http://secunia.com/advisories/52659 http://sourceforge.net/p/opalvoip/code/28856 http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available http://www.securityfocus.com/bid/58520 https://exchange.xforce.ibmcloud.com/vulnerabilities/82885 https://www.suse.com/support/update/announcement/2014/suse-su-20140237-1.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4924 – OpenH323 Opal SIP Protocol - Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4924
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address." Open Phone Abstraction Library (opal), como la usada en (1) Ekiga anterior a 2.0.10 y (2) OpenH323 anterior a 2.2.4, permite a atacantes remotos provocar una denegación de servicio (caída) mediante una cabecera Content-Length inválida en paquetes SIP del Protocolo de Inicio de Sesión (SIP, Session Initiation Protocol), lo cual provoca que el byte \0 sea escrito en una "dirección controlada por el atacante". • https://www.exploit-db.com/exploits/9240 http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20 http://osvdb.org/41637 http://secunia.com/advisories/27118 http://secunia.com/advisories/27128 http://secunia.com/advisories/27129 http://secunia.com/advisories/27271 http://secunia.com/ • CWE-20: Improper Input Validation •
CVE-2007-0999
https://notcve.org/view.php?id=CVE-2007-0999
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006. Vulnerabilidad de cadena de formato en Ekiga 2.0.3, y probablemente otras versiones, permite a atacantes remotos ejecutar código de su elección a través de vectores no especificados, una vulnerabilidad distinta de CVE-2007-1006. • http://www.mandriva.com/security/advisories?name=MDKSA-2007:058 http://www.redhat.com/support/errata/RHSA-2007-0087.html http://www.ubuntu.com/usn/usn-434-1 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10944 https://access.redhat.com/security/cve/CVE-2007-0999 https://bugzilla.redhat.com/show_bug.cgi?id=1618289 •