A format string vulnerability in Ekiga may allow the remote execution of arbitrary code.
Package | net-voip/ekiga on all architectures |
---|---|
Affected versions | < 2.0.7 |
Unaffected versions | >= 2.0.7 |
Ekiga is an open source VoIP and video conferencing application.
Mu Security has discovered that Ekiga fails to implement formatted printing correctly.
An attacker could exploit this vulnerability to crash Ekiga and potentially execute arbitrary code by sending a specially crafted Q.931 SETUP packet to a victim.
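The bug class named above, shown from the fixing side. This is an added example, not Ekiga's code: the function names, the "remote party" label and the sample strings are assumptions, and the advisory does not say which part of the SETUP packet reaches the formatting call.

```c
#include <stdio.h>
#include <string.h>

/* Count printf-style conversion directives in untrusted text.
 * "%%" is a literal percent sign and is not counted. */
size_t count_format_directives(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent: skip both characters */
            s++;
            continue;
        }
        n++;                 /* "%x", "%n", or a dangling '%' */
    }
    return n;
}

/* Hardened form: the format is a fixed literal and the peer text is only
 * ever an argument. Returns 0 on success, -1 on error or truncation.
 * The vulnerable pattern this replaces is: snprintf(out, outlen, peer_text); */
int format_peer_line(char *out, size_t outlen, const char *peer_text)
{
    int w = snprintf(out, outlen, "remote party: %s", peer_text);
    return (w < 0 || (size_t)w >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from a real packet. */
    const char *samples[] = { "alice", "100%% sure", "%x%x%n" };
    char line[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (format_peer_line(line, sizeof line, samples[i]) != 0)
            return 1;
        printf("%-28s directives=%zu\n", line,
               count_format_directives(samples[i]));
    }
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang warn about the vulnerable pattern, where the format argument is not a string literal and no arguments follow it.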
There is no known workaround at this time.
All Ekiga users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-voip/ekiga-2.0.7"
Release date | March 29, 2007 |
---|---|
Latest revision | May 28, 2009: 02 |
Severity | high |
Exploitable | remote |
Bugzilla entries