[Fwd: [Secure-testing-team] Security issues in package ekg]]
Micah Anderson
micah at riseup.net
Sun Mar 25 06:11:52 UTC 2007
Here are the CVEs for the ekg package:

> 2661: A memory leak in handling image messages, which may cause memory
> exhaustion resulting in a DoS (ekg program crash). Exploitable by a
> hostile GG user.

Use CVE-2007-1663

> 2694: off-by-one in token OCR function, which may cause a null pointer
> dereference resulting in a DoS (ekg program crash). Exploitable by MiTM
> (hostile HTTP proxy or TCP stream injection) or a hostile GG server.

Use CVE-2007-1664

> 2699: potential memory exhaust in token OCR function, which may cause
> memory exhaustion resulting in a DoS (ekg program crash). Exploitability
> same as in 2694.

Use CVE-2007-1665

Micah