Vulnerability Bulletins |
Múltiples denegaciones de servicio en ekg |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Denegación de Servicio |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | GNU/Linux |
| Affected software | ekg < 1.6rc2 |
Description |
|
|
Se han encontrado múltiples denegaciones de servicio en ekg. Las vulnerabilidades son descritas a continuación. - CVE-2005-2370: Se ha encontrado una vulnerabilidad en ekg en las versiones anteriores a la 1.6rc2 en la librería libgadu. La vulnerabilidad reside en múltiples errores de alineamiento de memoria. Un atacante remoto podría causar una denegación de servicio en ciertas arquitecturas tales como SPARC mediante un mensaje entrante. - CVE-2005-2448: Se ha encontrado una vulnerabilidad en ekg en las versiones anteriores a la 1.6rc2 en la librería libgadu. La vulnerabilidad reside en múltiples errores en la codificación endian. Un atacante remoto podría causar una denegación de servicio en sistemas con codificación big-endian. - CVE-2007-1663: Se ha encontrado una vulnerabilidad en ekg. La vulnerabilidad reside en una fuga de memoria en el manejo de mensajes de imágenes. Un atacante remoto podría causar una denegación de servicio. - CVE-2007-1664: Se ha encontrado una vulnerabilidad en ekg. La vulnerabilidad reside en una referencia a un puntero nulo en el código simbólico OCR. Un atacante remoto podría causar una denegación de servicio. - CVE-2007-1665: Se ha encontrado una vulnerabilidad en ekg. La vulnerabilidad reside en una fuga de memoria en el código simbólico OCR. Un atacante remoto podría causar una denegación de servicio. |
|
Solution |
|
|
Actualización de software Debian Linux 3.1 Source http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.dsc http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7.diff.gz http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_alpha.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_alpha.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_alpha.deb AMD64 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_amd64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_amd64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_amd64.deb ARM http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_arm.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_arm.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_arm.deb HP Precision http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_hppa.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_hppa.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_i386.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_i386.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_ia64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_ia64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_ia64.deb Big endian MIPS http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mips.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mips.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_mipsel.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_mipsel.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_powerpc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_powerpc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_s390.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_s390.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/e/ekg/ekg_1.5+20050411-7_sparc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.5+20050411-7_sparc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.5+20050411-7_sparc.deb Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.dsc http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1.diff.gz http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2.orig.tar.gz Alpha http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_alpha.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_alpha.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_alpha.deb AMD64 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_amd64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_amd64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_amd64.deb ARM http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_arm.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_arm.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_arm.deb HP Precision http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_hppa.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_hppa.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_hppa.deb Intel IA-32 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_i386.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_i386.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_i386.deb Intel IA-64 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_ia64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_ia64.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_ia64.deb Big endian MIPS http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mips.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mips.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mips.deb Little endian MIPS http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_mipsel.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_mipsel.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_mipsel.deb PowerPC http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_powerpc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_powerpc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_powerpc.deb IBM S/390 http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_s390.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_s390.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_s390.deb Sun Sparc http://security.debian.org/pool/updates/main/e/ekg/ekg_1.7~rc2-1etch1_sparc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu-dev_1.7~rc2-1etch1_sparc.deb http://security.debian.org/pool/updates/main/e/ekg/libgadu3_1.7~rc2-1etch1_sparc.deb |
|
Standar resources |
|
| Property | Value |
| CVE |
CVE-2005-2370 CVE-2005-2448 CVE-2007-1663 CVE-2007-1664 CVE-2007-1665 |
| BID | 14415 |
Other resources |
|
|
Debian Security Advisory (DSA 1318-1) http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00078.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2007-06-25 |