MidnightBSD

Advisories for centericq

CVE-2005-1852 HIGH

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
kde kde 3.4.0
ekg ekg 1.5_rc1
ekg ekg 1.1
ekg ekg 1.4
kde kde 3.4
kde kde 3.3.1
ekg ekg 1.3
kde kde 3.2.3
ekg ekg 1.1_rc2
ekg ekg 1.0_rc3
ekg ekg 1.5_rc2
ekg ekg 1.0
kde kde 3.3
kde kde 3.3.2
ekg ekg 1.0_rc2
centericq centericq *
ekg ekg 1.1_rc1
kde kde 3.4.1
kadu kadu *
ekg ekg 1.5
CVE-2005-1914 LOW

CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
centericq centericq 4.8.7.1
centericq centericq 4.12
centericq centericq 4.7.1.3
centericq centericq 4.8.8
centericq centericq 4.7.2.3
centericq centericq 4.9.9.1
centericq centericq 4.9.7
centericq centericq 4.8.6
centericq centericq 4.9.4.1
centericq centericq 4.9.0.1
centericq centericq 4.8.5.1
centericq centericq 4.8.0.1
centericq centericq 4.8.4.1
centericq centericq 4.9.9
centericq centericq 4.13
centericq centericq 4.8.4
centericq centericq 4.9.5
centericq centericq 4.9.11.1
centericq centericq 4.8.3
centericq centericq 4.6.5
centericq centericq 4.8.0
centericq centericq 4.8.2.1
centericq centericq 4.13.0.1
centericq centericq 4.9.0
centericq centericq 4.9.10.1
centericq centericq 4.6.0.3
centericq centericq 4.8.3.1
centericq centericq 4.8.8.1
centericq centericq 4.11.0.1
centericq centericq 4.8.9
centericq centericq 4.9.2
centericq centericq 4.9.7.1
centericq centericq 4.7.7.3
centericq centericq 4.6.9
centericq centericq 4.7.7
centericq centericq 4.5.1.3
centericq centericq 4.9.1
centericq centericq 4.10.0.1
centericq centericq 4.9.3
centericq centericq 4.9.10
centericq centericq 4.20
centericq centericq 4.5.1
centericq centericq 4.9.5.1
centericq centericq 4.6.9.3
centericq centericq 4.6.0
centericq centericq 4.14
centericq centericq 4.9.6.1
centericq centericq 4.7.2
centericq centericq 4.8.5
centericq centericq 4.8.2
centericq centericq 4.9.11
centericq centericq 4.9.1.1
centericq centericq 4.9.12.1
centericq centericq 4.7.8
centericq centericq 4.8.7
centericq centericq 4.9.4
centericq centericq 4.12.0.1
centericq centericq 4.9.3.1
centericq centericq 4.5.0.3
centericq centericq 4.7.1
centericq centericq 4.8.6.1
centericq centericq 4.6.5.3
centericq centericq 4.9.2.1
centericq centericq 4.7.8.3
centericq centericq 4.9.12
centericq centericq 4.9.6
centericq centericq 4.9.8
centericq centericq 4.14.0.1
centericq centericq 4.20.0.1
CVE-2005-3694 HIGH

centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
centericq centericq 4.20.0_r3