MidnightBSD

Advisories for ekg

CVE-2005-1850 HIGH

Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ekg ekg 1.5_rc1
ekg ekg 1.4
ekg ekg 1.5
ekg ekg 1.1
ekg ekg 1.1_rc1
ekg ekg 1.1_rc2
ekg ekg 1.0_rc3
ekg ekg 1.0_rc2
ekg ekg 1.0
ekg ekg 1.5_rc2
ekg ekg 1.3

CVE-2005-1851 HIGH

A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ekg ekg 1.5_rc1
ekg ekg 1.4
ekg ekg 1.5
ekg ekg 1.1
ekg ekg 1.1_rc1
ekg ekg 1.1_rc2
ekg ekg 1.0_rc3
ekg ekg 1.0_rc2
ekg ekg 1.0
ekg ekg 1.5_rc2
ekg ekg 1.3

CVE-2005-1852 HIGH

Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189

Products Affected

Vendor Product Version
centericq centericq *
kde kde 3.2.3
ekg ekg 1.4
kde kde 3.4.1
ekg ekg 1.1_rc1
ekg ekg 1.1_rc2
kde kde 3.4
kde kde 3.3.1
ekg ekg 1.0
ekg ekg 1.3
kde kde 3.3
ekg ekg 1.5_rc1
kde kde 3.4.0
kde kde 3.3.2
ekg ekg 1.5
ekg ekg 1.1
kadu kadu *
ekg ekg 1.0_rc3
ekg ekg 1.0_rc2
ekg ekg 1.5_rc2

CVE-2005-2369 HIGH

Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ekg ekg 1.4
ekg ekg 1.5
ekg ekg 1.1
ekg ekg 2005-06-05
ekg ekg 2005-04-11
ekg ekg 1.6_rc1
ekg ekg 1.3

CVE-2005-2370 MEDIUM

Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allow remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399

Products Affected

Vendor Product Version
ekg ekg 1.4
ekg ekg 1.5
ekg ekg 1.1
ekg ekg 2005-06-05
ekg ekg 2005-04-11
rob_flynn gaim *
ekg ekg 1.6_rc1
ekg ekg 1.3

CVE-2005-2448 MEDIUM

Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
ekg ekg 1.4
ekg ekg 1.5
ekg ekg 1.1
ekg ekg 2005-06-05
ekg ekg 2005-04-11
ekg ekg 1.6_rc1
ekg ekg 1.3