{"cve": [{"lastseen": "2017-10-11T11:07:01", "bulletinFamily": "NVD", "description": "Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function.", "modified": "2017-10-10T21:31:43", "published": "2007-02-20T12:28:00", "id": "CVE-2007-1007", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1007", "title": "CVE-2007-1007", "type": "cve", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:24", "bulletinFamily": "scanner", "description": "The remote host is missing an update to gnomemeeting\nannounced via advisory DSA 1262-1.\n\nMu Security discovered that a format string vulnerability in\nthe VoIP solution GnomeMeeting allows the execution of arbitrary code.", "modified": "2017-07-07T00:00:00", "published": "2008-01-17T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=58095", "id": "OPENVAS:58095", "title": "Debian Security Advisory DSA 1262-1 (gnomemeeting)", "type": "openvas", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_1262_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 1262-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"For the stable distribution (sarge) this problem has been fixed in\nversion 1.2.1-1sarge1.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 2.0.3-2.1 of the ekiga package.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.0.3-2.1 of the ekiga package.\n\nWe recommend that you upgrade your gnomemeeting package.\n\n https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201262-1\";\ntag_summary = \"The remote host is missing an update to gnomemeeting\nannounced via advisory DSA 1262-1.\n\nMu Security discovered that a format string vulnerability in\nthe VoIP solution GnomeMeeting allows the execution of arbitrary code.\";\n\n\nif(description)\n{\n script_id(58095);\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 23:17:11 +0100 (Thu, 17 Jan 2008)\");\n script_cve_id(\"CVE-2007-1007\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 1262-1 (gnomemeeting)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gnomemeeting\", ver:\"1.2.1-1sarge1\", rls:\"DEB3.1\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-04T11:28:44", "bulletinFamily": "scanner", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-426-1", "modified": "2017-12-01T00:00:00", "published": "2009-03-23T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=840096", "id": "OPENVAS:840096", "title": "Ubuntu Update for ekiga, gnomemeeting vulnerabilities USN-426-1", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_426_1.nasl 7969 2017-12-01 09:23:16Z santu $\n#\n# Ubuntu Update for ekiga, gnomemeeting vulnerabilities USN-426-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Mu Security discovered a format string vulnerability in Ekiga. If a\n user was running Ekiga and listening for incoming calls, a remote\n attacker could send a crafted call request, and execute arbitrary code\n with the user's privileges.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-426-1\";\ntag_affected = \"ekiga, gnomemeeting vulnerabilities on Ubuntu 5.10 ,\n Ubuntu 6.06 LTS ,\n Ubuntu 6.10\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-426-1/\");\n script_id(840096);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-23 10:55:18 +0100 (Mon, 23 Mar 2009)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"USN\", value: \"426-1\");\n script_cve_id(\"CVE-2007-1006\", \"CVE-2007-1007\");\n script_name( \"Ubuntu Update for ekiga, gnomemeeting vulnerabilities USN-426-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU6.06 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ekiga\", ver:\"2.0.1-0ubuntu6.1\", rls:\"UBUNTU6.06 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU6.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"ekiga\", ver:\"2.0.3-0ubuntu3.1\", rls:\"UBUNTU6.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU5.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"gnomemeeting\", ver:\"1.2.2-1ubuntu1.1\", rls:\"UBUNTU5.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2019-01-16T20:07:11", "bulletinFamily": "scanner", "description": "Updated gnomemeeting packages that fix a security issue are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nGnomeMeeting is a tool to communicate with video and audio over the\nInternet.\n\nA format string flaw was found in the way GnomeMeeting processes\ncertain messages. If a user is running GnomeMeeting, a remote attacker\nwho can connect to GnomeMeeting could trigger this flaw and\npotentially execute arbitrary code with the privileges of the user.\n(CVE-2007-1007)\n\nUsers of GnomeMeeting should upgrade to these updated packages which\ncontain a backported patch to correct this issue.", "modified": "2018-11-16T00:00:00", "published": "2007-02-21T00:00:00", "id": "REDHAT-RHSA-2007-0086.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24678", "title": "RHEL 3 / 4 : gnomemeeting (RHSA-2007:0086)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0086. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24678);\n script_version (\"1.20\");\n script_cvs_date(\"Date: 2018/11/16 15:19:26\");\n\n script_cve_id(\"CVE-2007-1007\");\n script_bugtraq_id(22613);\n script_xref(name:\"RHSA\", value:\"2007:0086\");\n\n script_name(english:\"RHEL 3 / 4 : gnomemeeting (RHSA-2007:0086)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnomemeeting packages that fix a security issue are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nGnomeMeeting is a tool to communicate with video and audio over the\nInternet.\n\nA format string flaw was found in the way GnomeMeeting processes\ncertain messages. If a user is running GnomeMeeting, a remote attacker\nwho can connect to GnomeMeeting could trigger this flaw and\npotentially execute arbitrary code with the privileges of the user.\n(CVE-2007-1007)\n\nUsers of GnomeMeeting should upgrade to these updated packages which\ncontain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2007-1007\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2007:0086\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnomemeeting package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:gnomemeeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = eregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2007:0086\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", reference:\"gnomemeeting-0.96.0-5\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", reference:\"gnomemeeting-1.0.2-9\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnomemeeting\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:11", "bulletinFamily": "scanner", "description": "Updated gnomemeeting packages that fix a security issue are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nGnomeMeeting is a tool to communicate with video and audio over the\nInternet.\n\nA format string flaw was found in the way GnomeMeeting processes\ncertain messages. If a user is running GnomeMeeting, a remote attacker\nwho can connect to GnomeMeeting could trigger this flaw and\npotentially execute arbitrary code with the privileges of the user.\n(CVE-2007-1007)\n\nUsers of GnomeMeeting should upgrade to these updated packages which\ncontain a backported patch to correct this issue.", "modified": "2018-11-10T00:00:00", "published": "2007-02-21T00:00:00", "id": "CENTOS_RHSA-2007-0086.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24674", "title": "CentOS 3 / 4 : gnomemeeting (CESA-2007:0086)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2007:0086 and \n# CentOS Errata and Security Advisory 2007:0086 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24674);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/10 11:49:28\");\n\n script_cve_id(\"CVE-2007-1007\");\n script_bugtraq_id(22613);\n script_xref(name:\"RHSA\", value:\"2007:0086\");\n\n script_name(english:\"CentOS 3 / 4 : gnomemeeting (CESA-2007:0086)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote CentOS host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated gnomemeeting packages that fix a security issue are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nGnomeMeeting is a tool to communicate with video and audio over the\nInternet.\n\nA format string flaw was found in the way GnomeMeeting processes\ncertain messages. If a user is running GnomeMeeting, a remote attacker\nwho can connect to GnomeMeeting could trigger this flaw and\npotentially execute arbitrary code with the privileges of the user.\n(CVE-2007-1007)\n\nUsers of GnomeMeeting should upgrade to these updated packages which\ncontain a backported patch to correct this issue.\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013549.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?b6d5d866\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013550.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?7ae913b2\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013551.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?834826ec\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013552.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c74fc2f5\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013556.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3a26653\"\n );\n # https://lists.centos.org/pipermail/centos-announce/2007-February/013557.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ef76e81d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnomemeeting package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:gnomemeeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"CentOS Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/CentOS/release\")) audit(AUDIT_OS_NOT, \"CentOS\");\nif (!get_kb_item(\"Host/CentOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"CentOS\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"CentOS-3\", reference:\"gnomemeeting-0.96.0-5\")) flag++;\n\nif (rpm_check(release:\"CentOS-4\", reference:\"gnomemeeting-1.0.2-9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-09-01T23:45:04", "bulletinFamily": "scanner", "description": "This update fixes format string problems in gnomemeeting.\n(CVE-2007-1007)", "modified": "2018-07-19T00:00:00", "published": "2007-10-17T00:00:00", "id": "SUSE_GNOMEMEETING-3162.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=27241", "title": "openSUSE 10 Security Update : gnomemeeting (gnomemeeting-3162)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update gnomemeeting-3162.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27241);\n script_version (\"1.9\");\n script_cvs_date(\"Date: 2018/07/19 23:54:24\");\n\n script_cve_id(\"CVE-2007-1007\");\n\n script_name(english:\"openSUSE 10 Security Update : gnomemeeting (gnomemeeting-3162)\");\n script_summary(english:\"Check for the gnomemeeting-3162 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes format string problems in gnomemeeting.\n(CVE-2007-1007)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnomemeeting package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:gnomemeeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"gnomemeeting-1.2.2-24.8\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnomemeeting\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:16:24", "bulletinFamily": "scanner", "description": "From Red Hat Security Advisory 2007:0086 :\n\nUpdated gnomemeeting packages that fix a security issue are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nGnomeMeeting is a tool to communicate with video and audio over the\nInternet.\n\nA format string flaw was found in the way GnomeMeeting processes\ncertain messages. If a user is running GnomeMeeting, a remote attacker\nwho can connect to GnomeMeeting could trigger this flaw and\npotentially execute arbitrary code with the privileges of the user.\n(CVE-2007-1007)\n\nUsers of GnomeMeeting should upgrade to these updated packages which\ncontain a backported patch to correct this issue.", "modified": "2018-07-18T00:00:00", "published": "2013-07-12T00:00:00", "id": "ORACLELINUX_ELSA-2007-0086.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67457", "title": "Oracle Linux 3 / 4 : gnomemeeting (ELSA-2007-0086)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2007:0086 and \n# Oracle Linux Security Advisory ELSA-2007-0086 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67457);\n script_version(\"1.5\");\n script_cvs_date(\"Date: 2018/07/18 17:43:55\");\n\n script_cve_id(\"CVE-2007-1007\");\n script_bugtraq_id(22613);\n script_xref(name:\"RHSA\", value:\"2007:0086\");\n\n script_name(english:\"Oracle Linux 3 / 4 : gnomemeeting (ELSA-2007-0086)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2007:0086 :\n\nUpdated gnomemeeting packages that fix a security issue are now\navailable for Red Hat Enterprise Linux.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nGnomeMeeting is a tool to communicate with video and audio over the\nInternet.\n\nA format string flaw was found in the way GnomeMeeting processes\ncertain messages. If a user is running GnomeMeeting, a remote attacker\nwho can connect to GnomeMeeting could trigger this flaw and\npotentially execute arbitrary code with the privileges of the user.\n(CVE-2007-1007)\n\nUsers of GnomeMeeting should upgrade to these updated packages which\ncontain a backported patch to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-February/000053.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000099.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected gnomemeeting package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:gnomemeeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/02/19\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"gnomemeeting-0.96.0-5\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"gnomemeeting-0.96.0-5\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"gnomemeeting-1.0.2-9\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"gnomemeeting-1.0.2-9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnomemeeting\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:13", "bulletinFamily": "scanner", "description": "'Mu Security' discovered that a format string vulnerability in the\nVoIP solution GnomeMeeting allows the execution of arbitrary code.", "modified": "2018-07-20T00:00:00", "published": "2007-03-06T00:00:00", "id": "DEBIAN_DSA-1262.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=24765", "title": "Debian DSA-1262-1 : gnomemeeting - format string", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 70103\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-1262. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(24765);\n script_version(\"1.11\");\n script_cvs_date(\"Date: 2018/07/20 2:17:12\");\n\n script_cve_id(\"CVE-2007-1007\");\n script_xref(name:\"DSA\", value:\"1262\");\n\n script_name(english:\"Debian DSA-1262-1 : gnomemeeting - format string\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"'Mu Security' discovered that a format string vulnerability in the\nVoIP solution GnomeMeeting allows the execution of arbitrary code.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2007/dsa-1262\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the gnomemeeting package.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.2.1-1sarge1.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 2.0.3-2.1 of the ekiga package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gnomemeeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/03/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.1\", prefix:\"gnomemeeting\", reference:\"1.2.1-1sarge1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:55", "bulletinFamily": "scanner", "description": "This update fixes format string problems in gnomemeeting which might\nbe used by remote attackers to crash gnomemeeting and on older\ndistributions potentially execute code. (CVE-2007-1007)", "modified": "2012-05-17T00:00:00", "published": "2007-12-13T00:00:00", "id": "SUSE_GNOMEMEETING-3163.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=29446", "title": "SuSE 10 Security Update : gnomemeeting (ZYPP Patch Number 3163)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(29446);\n script_version (\"$Revision: 1.9 $\");\n script_cvs_date(\"$Date: 2012/05/17 11:05:46 $\");\n\n script_cve_id(\"CVE-2007-1007\");\n\n script_name(english:\"SuSE 10 Security Update : gnomemeeting (ZYPP Patch Number 3163)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update fixes format string problems in gnomemeeting which might\nbe used by remote attackers to crash gnomemeeting and on older\ndistributions potentially execute code. (CVE-2007-1007)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2007-1007.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 3163.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2012 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"gnomemeeting-1.2.2-24.8\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-01-16T20:07:46", "bulletinFamily": "scanner", "description": "Mu Security discovered a format string vulnerability in Ekiga. If a\nuser was running Ekiga and listening for incoming calls, a remote\nattacker could send a crafted call request, and execute arbitrary code\nwith the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2018-11-28T00:00:00", "published": "2007-11-10T00:00:00", "id": "UBUNTU_USN-426-1.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=28019", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : ekiga, gnomemeeting vulnerabilities (USN-426-1)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-426-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(28019);\n script_version(\"1.13\");\n script_cvs_date(\"Date: 2018/11/28 11:42:05\");\n\n script_cve_id(\"CVE-2007-1006\", \"CVE-2007-1007\");\n script_xref(name:\"USN\", value:\"426-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : ekiga, gnomemeeting vulnerabilities (USN-426-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Mu Security discovered a format string vulnerability in Ekiga. If a\nuser was running Ekiga and listening for incoming calls, a remote\nattacker could send a crafted call request, and execute arbitrary code\nwith the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/426-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected ekiga and / or gnomemeeting packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ekiga\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:gnomemeeting\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2018 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"gnomemeeting\", pkgver:\"1.2.2-1ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"ekiga\", pkgver:\"2.0.1-0ubuntu6.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"ekiga\", pkgver:\"2.0.3-0ubuntu3.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ekiga / gnomemeeting\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:21", "bulletinFamily": "software", "description": "\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n \r\n Mandriva Linux Security Advisory MDKSA-2007:045\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n \r\n Package : gnomemeeting\r\n Date : February 21, 2007\r\n Affected: Corporate 3.0\r\n _______________________________________________________________________\r\n \r\n Problem Description:\r\n \r\n A format string flaw was discovered in how GnomeMeeting processes\r\n certain messages, which could permit a remote attacker that can\r\n connect to GnomeMeeting to potentially execute arbitrary code with\r\n the privileges of the user running GnomeMeeting.\r\n \r\n Updated package have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n \r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1007\r\n _______________________________________________________________________\r\n \r\n Updated Packages:\r\n \r\n Corporate 3.0:\r\n 15e2472f2e41ab47d507cfb491d7a28d corporate/3.0/i586/gnomemeeting-0.98.5-5.1.C30mdk.i586.rpm \r\n 0e1008ad8663cf490f7fe9bffddcf05c corporate/3.0/SRPMS/gnomemeeting-0.98.5-5.1.C30mdk.src.rpm\r\n\r\n Corporate 3.0/X86_64:\r\n dfb6e715109f6134a3a8497de10fa75e corporate/3.0/x86_64/gnomemeeting-0.98.5-5.1.C30mdk.x86_64.rpm \r\n 0e1008ad8663cf490f7fe9bffddcf05c corporate/3.0/SRPMS/gnomemeeting-0.98.5-5.1.C30mdk.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.6 (GNU/Linux)\r\n\r\niD8DBQFF3DGFmqjQ0CJFipgRAto9AJ9UnhPuzkVqtUeDheOHHd8zAUGu/wCgxAeu\r\ndK0uxHb8mIjKNYXPA6fnAG8=\r\n=w/zI\r\n-----END PGP SIGNATURE-----\r\n", "modified": "2007-02-21T00:00:00", "published": "2007-02-21T00:00:00", "id": "SECURITYVULNS:DOC:16133", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:16133", "title": "[ MDKSA-2007:045 ] - Updated gnomemeeting packages fix string vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:23", "bulletinFamily": "software", "description": "Format string vulnerability on certain messages logging.", "modified": "2007-02-21T00:00:00", "published": "2007-02-21T00:00:00", "id": "SECURITYVULNS:VULN:7274", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:7274", "title": "gnomemeeting / ekiga format string vulnerability", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:28", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[Secunia Advisory ID:24284](https://secuniaresearch.flexerasoftware.com/advisories/24284/)\n[Secunia Advisory ID:24271](https://secuniaresearch.flexerasoftware.com/advisories/24271/)\n[Secunia Advisory ID:24194](https://secuniaresearch.flexerasoftware.com/advisories/24194/)\n[Secunia Advisory ID:24379](https://secuniaresearch.flexerasoftware.com/advisories/24379/)\n[Secunia Advisory ID:25119](https://secuniaresearch.flexerasoftware.com/advisories/25119/)\n[Secunia Advisory ID:24185](https://secuniaresearch.flexerasoftware.com/advisories/24185/)\nRedHat RHSA: RHSA-2007:0086\nOther Advisory URL: http://www.ubuntu.com/usn/usn-426-1\nOther Advisory URL: ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc\nOther Advisory URL: http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00017.html\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2007-May/0002.html\n[CVE-2007-1007](https://vulners.com/cve/CVE-2007-1007)\n", "modified": "2007-02-19T15:37:00", "published": "2007-02-19T15:37:00", "href": "https://vulners.com/osvdb/OSVDB:32083", "id": "OSVDB:32083", "title": "GnomeMeeting gnomemeeting_log_insert name Variable Format String", "type": "osvdb", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "centos": [{"lastseen": "2017-10-12T14:45:17", "bulletinFamily": "unix", "description": "**CentOS Errata and Security Advisory** CESA-2007:0086\n\n\nGnomeMeeting is a tool to communicate with video and audio over the Internet.\r\n\r\nA format string flaw was found in the way GnomeMeeting processes certain\r\nmessages. If a user is running GnomeMeeting, a remote attacker who can\r\nconnect to GnomeMeeting could trigger this flaw and potentially execute\r\narbitrary code with the privileges of the user. (CVE-2007-1007)\r\n\r\nUsers of GnomeMeeting should upgrade to these updated packages which\r\ncontain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013549.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013550.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013551.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013552.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013553.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013554.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013556.html\nhttp://lists.centos.org/pipermail/centos-announce/2007-February/013557.html\n\n**Affected packages:**\ngnomemeeting\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2007-0086.html", "modified": "2007-02-21T17:31:46", "published": "2007-02-20T12:35:03", "href": "http://lists.centos.org/pipermail/centos-announce/2007-February/013549.html", "id": "CESA-2007:0086", "title": "gnomemeeting security update", "type": "centos", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "redhat": [{"lastseen": "2018-12-11T17:42:10", "bulletinFamily": "unix", "description": "GnomeMeeting is a tool to communicate with video and audio over the Internet.\r\n\r\nA format string flaw was found in the way GnomeMeeting processes certain\r\nmessages. If a user is running GnomeMeeting, a remote attacker who can\r\nconnect to GnomeMeeting could trigger this flaw and potentially execute\r\narbitrary code with the privileges of the user. (CVE-2007-1007)\r\n\r\nUsers of GnomeMeeting should upgrade to these updated packages which\r\ncontain a backported patch to correct this issue.", "modified": "2017-09-08T12:14:05", "published": "2007-02-20T05:00:00", "id": "RHSA-2007:0086", "href": "https://access.redhat.com/errata/RHSA-2007:0086", "type": "redhat", "title": "(RHSA-2007:0086) Critical: gnomemeeting security update", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2018-10-16T22:14:37", "bulletinFamily": "unix", "description": "- --------------------------------------------------------------------------\nDebian Security Advisory DSA 1262-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nMarch 4th, 2007 http://www.debian.org/security/faq\n- --------------------------------------------------------------------------\n\nPackage : gnomemeeting\nVulnerability : format string\nProblem-Type : remote\nDebian-specific: no\nCVE ID : CVE-2007-1007\n\n"Mu Security" discovered that a format string vulnerability in \nthe VoIP solution GnomeMeeting allows the execution of arbitrary code.\n\nFor the stable distribution (sarge) this problem has been fixed in\nversion 1.2.1-1sarge1.\n\nFor the upcoming stable distribution (etch) this problem has been\nfixed in version 2.0.3-2.1 of the ekiga package.\n\nFor the unstable distribution (sid) this problem has been fixed in\nversion 2.0.3-2.1 of the ekiga package.\n\nWe recommend that you upgrade your gnomemeeting package.\n\n\nUpgrade Instructions\n- --------------------\n\nwget url\n will fetch the file for you\ndpkg -i file.deb\n will install the referenced file.\n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n will update the internal database\napt-get upgrade\n will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration.\n\n\nDebian GNU/Linux 3.1 alias sarge\n- --------------------------------\n\n Source archives:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1.dsc\n Size/MD5 checksum: 1746 e82643f764d6b43c521cca39a387e8f8\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1.diff.gz\n Size/MD5 checksum: 22888 194f7471c22e1c81d5ab4325603e0cd1\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1.orig.tar.gz\n Size/MD5 checksum: 5525398 93829f3eee783f32eaefebc9e717fb89\n\n Alpha architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_alpha.deb\n Size/MD5 checksum: 3146922 f500df544b335593a2bb9431cbd21592\n\n AMD64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_amd64.deb\n Size/MD5 checksum: 3119044 672fbec91d13256a46a8803486a03346\n\n ARM architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_arm.deb\n Size/MD5 checksum: 3089174 45beb5e78751eddbb13bd812b464cfb2\n\n HP Precision architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_hppa.deb\n Size/MD5 checksum: 3119086 7f92e053556ba684c120aa83c7a7c114\n\n Intel IA-32 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_i386.deb\n Size/MD5 checksum: 3105396 4883efb8f1da3aa1641e249f50030f10\n\n Intel IA-64 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_ia64.deb\n Size/MD5 checksum: 3192488 393b4321afb3e4077a3958d686fa02a1\n\n Motorola 680x0 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_m68k.deb\n Size/MD5 checksum: 3080404 d9663a63d7077b2a0cd81722a44e53d0\n\n Big endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_mips.deb\n Size/MD5 checksum: 3131084 2c7367aabe62f5f9169fc81ea217c448\n\n Little endian MIPS architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_mipsel.deb\n Size/MD5 checksum: 3123832 ca06f5a2993f0b1ded5834ed1077e969\n\n PowerPC architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_powerpc.deb\n Size/MD5 checksum: 3103054 22b5b85dd549856800375f06cfc0dfa6\n\n IBM S/390 architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_s390.deb\n Size/MD5 checksum: 3110952 bcf48d4d889661c1659c1afcbeaa2d24\n\n Sun Sparc architecture:\n\n http://security.debian.org/pool/updates/main/g/gnomemeeting/gnomemeeting_1.2.1-1sarge1_sparc.deb\n Size/MD5 checksum: 3093420 1d6df4cf0981cf802be3d9b06075ec41\n\n\n These files will probably be moved into the stable distribution on\n its next update.\n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>\n", "modified": "2007-03-04T00:00:00", "published": "2007-03-04T00:00:00", "id": "DEBIAN:DSA-1262-1:361B7", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00017.html", "title": "[SECURITY] [DSA 1262-1] New gnomemeeting packages fix arbitrary code execution", "type": "debian", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "ubuntu": [{"lastseen": "2019-01-29T20:33:49", "bulletinFamily": "unix", "description": "Mu Security discovered a format string vulnerability in Ekiga. If a user was running Ekiga and listening for incoming calls, a remote attacker could send a crafted call request, and execute arbitrary code with the user\u2019s privileges.", "modified": "2007-02-22T00:00:00", "published": "2007-02-22T00:00:00", "id": "USN-426-1", "href": "https://usn.ubuntu.com/426-1/", "title": "Ekiga vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}