blob: d16bbd00156adc74200f04cce9a4bb9afb48c84c (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
source: centericq
date: August 28th, 2005
author: Joey Hess
vuln-type: multiple vulnerabilities
problem-scope: local and remote
debian-specific: no
cve: CVE-2005-2448 CVE-2005-2370 CVE-2005-2369 CVE-2005-1914
testing-fix: 4.20.0-8etch1
sid-fix: 4.20.0-9
upgrade: apt-get install centericq
centericq in testing is vulnerable to multiple security holes:
CVE-2005-2448
Multiple endianness errors in libgadu, which is embedded in centericq,
allow remote attackers to cause a denial of service (invalid behaviour in
applications) on big-endian systems.
CVE-2005-2370
Multiple memory alignment errors in libgadu, which is embedded in
centericq, allows remote attackers to cause a denial of service (bus error)
on certain architectures such as SPARC via an incoming message.
CVE-2005-2369
Multiple integer signedness errors in libgadu, which is embedded in
centericq, may allow remote attackers to cause a denial of service
or execute arbitrary code.
CVE-2005-1914
centericq creates temporary files with predictable file names, which
allows local users to overwrite arbitrary files via a symlink attack.
|