Miembros de
Boletines de Vulnerabilidades |
Denegación de servicio en la librería pwlib |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Denegación de Servicio |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto sin cuenta a un servicio estandar |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | Pwlib |
Descripción |
|
|
Se ha encontrado una vulnerabilidad en Ekiga en la versión 2.0.5 y anteriores en la función SIPURL::GetHostAddress. La vulnerabilidad reside en un error con la manipulación de memoria en la librería pwlib. Un atacante remoto podría causar una denegación de servicio. |
|
Solución |
|
|
Actualización de software Red Hat (RHSA-2007:0932-2) RHEL Desktop Workstation (v. 5 client) RHEL Optional Productivity Applications (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) https://rhn.redhat.com/ Mandriva (MDKSA-2007:206) Corporate Server 3.0 X86 corporate/3.0/i586/libpwlib1-1.5.2-2.2.C30mdk.i586.rpm corporate/3.0/i586/libpwlib1-devel-1.5.2-2.2.C30mdk.i586.rpm corporate/3.0/SRPMS/pwlib-1.5.2-2.2.C30mdk.src.rpm X86_64 corporate/3.0/x86_64/lib64pwlib1-1.5.2-2.2.C30mdk.x86_64.rpm corporate/3.0/x86_64/lib64pwlib1-devel-1.5.2-2.2.C30mdk.x86_64.rpm corporate/3.0/SRPMS/pwlib-1.5.2-2.2.C30mdk.src.rpm Mandriva Linux 2007 X86 2007.0/i586/libpwlib1-1.10.2-2.1mdv2007.0.i586.rpm 2007.0/i586/libpwlib1-devel-1.10.2-2.1mdv2007.0.i586.rpm 2007.0/i586/libpwlib1-plugins-1.10.2-2.1mdv2007.0.i586.rpm 2007.0/i586/libpwlib1-plugins-avc-1.10.2-2.1mdv2007.0.i586.rpm 2007.0/i586/libpwlib1-plugins-dc-1.10.2-2.1mdv2007.0.i586.rpm 2007.0/SRPMS/pwlib-1.10.2-2.1mdv2007.0.src.rpm X86_64 2007.0/x86_64/lib64pwlib1-1.10.2-2.1mdv2007.0.x86_64.rpm 2007.0/x86_64/lib64pwlib1-devel-1.10.2-2.1mdv2007.0.x86_64.rpm 2007.0/x86_64/lib64pwlib1-plugins-1.10.2-2.1mdv2007.0.x86_64.rpm 2007.0/x86_64/lib64pwlib1-plugins-avc-1.10.2-2.1mdv2007.0.x86_64.rpm 2007.0/x86_64/lib64pwlib1-plugins-dc-1.10.2-2.1mdv2007.0.x86_64.rpm 2007.0/SRPMS/pwlib-1.10.2-2.1mdv2007.0.src.rpm Mandriva Linux 2007.1 X86 2007.1/i586/libpwlib1-1.10.5-1.1mdv2007.1.i586.rpm 2007.1/i586/libpwlib1-devel-1.10.5-1.1mdv2007.1.i586.rpm 2007.1/i586/libpwlib1-plugins-1.10.5-1.1mdv2007.1.i586.rpm 2007.1/i586/libpwlib1-plugins-avc-1.10.5-1.1mdv2007.1.i586.rpm 2007.1/i586/libpwlib1-plugins-dc-1.10.5-1.1mdv2007.1.i586.rpm 2007.1/SRPMS/pwlib-1.10.5-1.1mdv2007.1.src.rpm X86_64 2007.1/x86_64/lib64pwlib1-1.10.5-1.1mdv2007.1.x86_64.rpm 2007.1/x86_64/lib64pwlib1-devel-1.10.5-1.1mdv2007.1.x86_64.rpm 2007.1/x86_64/lib64pwlib1-plugins-1.10.5-1.1mdv2007.1.x86_64.rpm 2007.1/x86_64/lib64pwlib1-plugins-avc-1.10.5-1.1mdv2007.1.x86_64.rpm 2007.1/x86_64/lib64pwlib1-plugins-dc-1.10.5-1.1mdv2007.1.x86_64.rpm 2007.1/SRPMS/pwlib-1.10.5-1.1mdv2007.1.src.rpm Mandriva Linux 2008.0 X86 2008.0/i586/libpwlib1-1.10.10-2.1mdv2008.0.i586.rpm 2008.0/i586/libpwlib1-devel-1.10.10-2.1mdv2008.0.i586.rpm 2008.0/i586/libpwlib1-plugins-1.10.10-2.1mdv2008.0.i586.rpm 2008.0/i586/libpwlib1-plugins-avc-1.10.10-2.1mdv2008.0.i586.rpm 2008.0/i586/libpwlib1-plugins-dc-1.10.10-2.1mdv2008.0.i586.rpm 2008.0/SRPMS/pwlib-1.10.10-2.1mdv2008.0.src.rpm X86_64 2008.0/x86_64/lib64pwlib1-1.10.10-2.1mdv2008.0.x86_64.rpm 2008.0/x86_64/lib64pwlib1-devel-1.10.10-2.1mdv2008.0.x86_64.rpm 2008.0/x86_64/lib64pwlib1-plugins-1.10.10-2.1mdv2008.0.x86_64.rpm 2008.0/x86_64/lib64pwlib1-plugins-avc-1.10.10-2.1mdv2008.0.x86_64.rpm 2008.0/x86_64/lib64pwlib1-plugins-dc-1.10.10-2.1mdv2008.0.x86_64.rpm 2008.0/SRPMS/pwlib-1.10.10-2.1mdv2008.0.src.rpm Ubuntu (USN-561-1 ) Ubuntu 6.06 LTS libpt-1.10.0 / patch 1.10.0-1ubuntu1.1 Ubuntu 6.10 libpt-1.10.0 / patch 1.10.2.dfsg-0ubuntu3.1 Ubuntu 7.04 libpt-1.10.0 / patch 1.10.3-0ubuntu1.1 Ubuntu 7.10 libpt-1.10.0 / patch 1.10.10-0ubuntu2.1 |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2007-4897 |
| BID | 25642 |
Recursos adicionales |
|
|
Red Hat Security Advisory (RHSA-2007:0932-2) https://rhn.redhat.com/errata/RHSA-2007-0932.html Mandriva Security Advisory (MDKSA-2007:206) http://www.mandriva.com/security/advisories?name=MDKSA-2007:206 Ubuntu Security Advisory (USN-561-1) http://www.ubuntu.com/usn/usn-561-1 |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2007-10-08 |
| 1.1 | Aviso emitido por Mandriva (MDKSA-2007:206) | 2007-11-07 |
| 1.2 | Aviso emitido por Ubuntu (USN-561-1) | 2008-01-11 |