Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200512-11
HistoryDec 20, 2005 - 12:00 a.m.

CenterICQ: Multiple vulnerabilities

2005-12-2000:00:00
Gentoo Foundation
security.gentoo.org
10

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.231 Low

EPSS

Percentile

96.5%

JSON

Background

CenterICQ is a text-based instant messaging interface that supports multiple protocols. It includes the ktools library, which provides text-mode user interface controls.

Description

Gentoo developer Wernfried Haas discovered that when the “Enable peer-to-peer communications” option is enabled, CenterICQ opens a port that insufficiently validates whatever is sent to it. Furthermore, Zone-H Research reported a buffer overflow in the ktools library.

Impact

A remote attacker could cause a crash of CenterICQ by sending packets to the peer-to-peer communications port, and potentially cause the execution of arbitrary code by enticing a CenterICQ user to edit overly long contact details.

Workaround

There is no known workaround at this time.

Resolution

All CenterICQ users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-im/centericq-4.21.0-r2"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-im/centericq< 4.21.0-r2UNKNOWN

Related

openvas 10
nessus 5
debian 4
ubuntucve 2
osv 1
cve 2
securityvulns 1
gentoo 1
openvas
openvas
Gentoo Security Advisory GLSA 200512-11 (CenterICQ)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200512-11 (CenterICQ)
2008-09-24 00:00:00
Debian Security Advisory DSA 912-1 (centericq)
2008-01-17 00:00:00
nessus
nessus
GLSA-200512-11 : CenterICQ: Multiple vulnerabilities
2005-12-30 00:00:00
Debian DSA-912-1 : centericq - denial of service
2006-10-14 00:00:00
Debian DSA-1083-1 : motor - buffer overflow
2006-10-14 00:00:00
debian
debian
[SECURITY] [DSA 912-1] New centericq packages fix denial of service
2005-11-30 10:53:40
[SECURITY] [DSA 912-1] New centericq packages fix denial of service
2005-11-30 10:53:40
[SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution
2006-05-31 06:20:55
ubuntucve
ubuntucve
CVE-2005-3694
2005-11-20 00:00:00
CVE-2005-3863
2005-11-29 00:00:00
osv
osv
centericq - denial of service
2005-11-30 00:00:00
cve
cve
CVE-2005-3694
2005-11-20 20:03:00
CVE-2005-3863
2005-11-29 11:03:00
securityvulns
securityvulns
[Full-disclosure] [SECURITY] [DSA 1083-1] New motor packages fix arbitrary code execution
2006-05-31 00:00:00
gentoo
gentoo
Motor: Execution of arbitrary code
2006-08-29 00:00:00

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

0.231 Low

EPSS

Percentile

96.5%

JSON
Related for GLSA-200512-11
openvas10nessus5debian4ubuntucve2osv1cve2securityvulns1gentoo1