Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier create temporary files insecurely, with unknown impact and attack vectors, a different vulnerability than CVE-2005-1916.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ekg | ekg | 1.5_rc1 |
| ekg | ekg | 1.4 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.1 |
| ekg | ekg | 1.1_rc1 |
| ekg | ekg | 1.1_rc2 |
| ekg | ekg | 1.0_rc3 |
| ekg | ekg | 1.0_rc2 |
| ekg | ekg | 1.0 |
| ekg | ekg | 1.5_rc2 |
| ekg | ekg | 1.3 |
A certain contributed script for ekg Gadu Gadu client 1.5 and earlier allows attackers to execute shell commands via unknown attack vectors.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ekg | ekg | 1.5_rc1 |
| ekg | ekg | 1.4 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.1 |
| ekg | ekg | 1.1_rc1 |
| ekg | ekg | 1.1_rc2 |
| ekg | ekg | 1.0_rc3 |
| ekg | ekg | 1.0_rc2 |
| ekg | ekg | 1.0 |
| ekg | ekg | 1.5_rc2 |
| ekg | ekg | 1.3 |
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| centericq | centericq | * |
| kde | kde | 3.2.3 |
| ekg | ekg | 1.4 |
| kde | kde | 3.4.1 |
| ekg | ekg | 1.1_rc1 |
| ekg | ekg | 1.1_rc2 |
| kde | kde | 3.4 |
| kde | kde | 3.3.1 |
| ekg | ekg | 1.0 |
| ekg | ekg | 1.3 |
| kde | kde | 3.3 |
| ekg | ekg | 1.5_rc1 |
| kde | kde | 3.4.0 |
| kde | kde | 3.3.2 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.1 |
| kadu | kadu | * |
| ekg | ekg | 1.0_rc3 |
| ekg | ekg | 1.0_rc2 |
| ekg | ekg | 1.5_rc2 |
Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ekg | ekg | 1.4 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.1 |
| ekg | ekg | 2005-06-05 |
| ekg | ekg | 2005-04-11 |
| ekg | ekg | 1.6_rc1 |
| ekg | ekg | 1.3 |
Multiple "memory alignment errors" in libgadu, as used in ekg before 1.6rc2, Gaim before 1.5.0, and other packages, allows remote attackers to cause a denial of service (bus error) on certain architectures such as SPARC via an incoming message.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ekg | ekg | 1.4 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.1 |
| ekg | ekg | 2005-06-05 |
| ekg | ekg | 2005-04-11 |
| rob_flynn | gaim | * |
| ekg | ekg | 1.6_rc1 |
| ekg | ekg | 1.3 |
Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ekg | ekg | 1.4 |
| ekg | ekg | 1.5 |
| ekg | ekg | 1.1 |
| ekg | ekg | 2005-06-05 |
| ekg | ekg | 2005-04-11 |
| ekg | ekg | 1.6_rc1 |
| ekg | ekg | 1.3 |