Debian DSA-1318-1 : ekg - several vulnerabilities

medium Nessus Plugin ID 25584

Synopsis

The remote Debian host is missing a security-related update.

Description

Several remote vulnerabilities have been discovered in ekg, a console Gadu Gadu client. The Common Vulnerabilities and Exposures project identifies the following problems:

- CVE-2005-2370 It was discovered that memory alignment errors may allow remote attackers to cause a denial of service on certain architectures such as sparc. This only affects Debian Sarge.

- CVE-2005-2448 It was discovered that several endianness errors may allow remote attackers to cause a denial of service. This only affects Debian Sarge.

- CVE-2007-1663 It was discovered that a memory leak in handling image messages may lead to denial of service. This only affects Debian Etch.

- CVE-2007-1664 It was discovered that a NULL pointer dereference in the token OCR code may lead to denial of service. This only affects Debian Etch.

- CVE-2007-1665 It was discovered that a memory leak in the token OCR code may lead to denial of service. This only affects Debian Etch.

Solution

Upgrade the ekg packages.

For the oldstable distribution (sarge) these problems have been fixed in version 1.5+20050411-7. This update lacks updated packages for the m68k architecture. They will be provided later.

For the stable distribution (etch) these problems have been fixed in version 1:1.7~rc2-1etch1.

See Also

https://security-tracker.debian.org/tracker/CVE-2005-2370

https://security-tracker.debian.org/tracker/CVE-2005-2448

https://security-tracker.debian.org/tracker/CVE-2007-1663

https://security-tracker.debian.org/tracker/CVE-2007-1664

https://security-tracker.debian.org/tracker/CVE-2007-1665

https://www.debian.org/security/2007/dsa-1318

Plugin Details

Severity: Medium

ID: 25584

File Name: debian_DSA-1318.nasl

Version: 1.20

Type: local

Agent: unix

Published: 6/27/2007

Updated: 1/4/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/o:debian:debian_linux:4.0, p-cpe:/a:debian:debian_linux:ekg, cpe:/o:debian:debian_linux:3.1

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 6/22/2007

Reference Information

CVE: CVE-2005-2370, CVE-2005-2448, CVE-2007-1663, CVE-2007-1664, CVE-2007-1665

DSA: 1318