1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200703-25 / ekiga |
| Release Date | March 29, 2007 |
| Latest Revision | May 28, 2009: 02 |
| Impact | high |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-voip/ekiga | < 2.0.7 | >= 2.0.7 | All supported architectures |
Related bugreports: #167643
A format string vulnerability in Ekiga may allow the remote execution of arbitrary code.
Ekiga is an open source VoIP and video conferencing application.
Mu Security has discovered that Ekiga fails to implement formatted printing correctly.
An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a specially crafted Q.931 SETUP packet to a victim.
There is no known workaround at this time.
All Ekiga users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
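To confirm which installed versions still fall in the vulnerable range from the package table above, the following added example (not part of the Gentoo advisory) classifies ekiga versions against the 2.0.7 threshold. The function names and the sample package atoms are constructed for illustration; it assumes dotted-numeric versions with optional Gentoo `_suffix` and `-rN` parts.

```shell
#!/bin/sh
# Added example: classify net-voip/ekiga versions against GLSA 200703-25.
# Vulnerable: < 2.0.7, unaffected: >= 2.0.7 (values from the advisory table).
FIXED="2.0.7"

# cmp_dotted A B: print -1, 0 or 1, comparing dotted numbers component-wise.
cmp_dotted() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}          # missing components count as 0
        if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
    done
    echo 0
}

# ekiga_status VERSION: print vulnerable, unaffected or unknown.
ekiga_status() {
    v=${1%-r[0-9]*}                   # drop the Gentoo revision (-rN)
    base=${v%%_*}                     # numeric part before any _suffix
    suffix=""
    if [ "$v" != "$base" ]; then suffix=${v#*_}; fi
    case $base in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac
    case $(cmp_dotted "$base" "$FIXED") in
        -1) echo vulnerable ;;
         1) echo unaffected ;;
         0) case $suffix in           # pre-releases sort below the release
                alpha*|beta*|pre*|rc*) echo vulnerable ;;
                *) echo unaffected ;;
            esac ;;
    esac
}

# audit_atoms: read category/package-version lines on stdin, report ekiga only.
audit_atoms() {
    while IFS= read -r atom; do
        case $atom in
            net-voip/ekiga-[0-9]*) echo "$atom $(ekiga_status "${atom#net-voip/ekiga-}")" ;;
        esac
    done
}

# Constructed sample input (not taken from a real system).
printf '%s\n' net-voip/ekiga-2.0.5-r1 net-voip/ekiga-2.0.7 net-voip/ekiga-2.0.7_rc1 | audit_atoms
```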