Vulnerabilites related to centericq - centericq
Vulnerability from fkie_nvd
Published
2005-07-26 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ekg | ekg | 1.0 | |
| ekg | ekg | 1.0_rc2 | |
| ekg | ekg | 1.0_rc3 | |
| ekg | ekg | 1.1 | |
| ekg | ekg | 1.1_rc1 | |
| ekg | ekg | 1.1_rc2 | |
| ekg | ekg | 1.3 | |
| ekg | ekg | 1.4 | |
| ekg | ekg | 1.5 | |
| ekg | ekg | 1.5_rc1 | |
| ekg | ekg | 1.5_rc2 | |
| kde | kde | 3.2.3 | |
| kde | kde | 3.3 | |
| kde | kde | 3.3.1 | |
| kde | kde | 3.3.2 | |
| kde | kde | 3.4 | |
| kde | kde | 3.4.0 | |
| kde | kde | 3.4.1 | |
| centericq | centericq | * | |
| kadu | kadu | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:ekg:ekg:1.0:*:*:*:*:*:*:*", matchCriteriaId: "13F32A39-4443-46C9-8E14-08AA59BC1CC2", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.0_rc2:*:*:*:*:*:*:*", matchCriteriaId: "6531EE56-D685-4276-A911-E69C80F86561", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.0_rc3:*:*:*:*:*:*:*", matchCriteriaId: "28012535-7CAD-456E-86A5-649CF21E28F9", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.1:*:*:*:*:*:*:*", matchCriteriaId: "74A32270-8C65-4ED4-96CB-B389B97587A7", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.1_rc1:*:*:*:*:*:*:*", matchCriteriaId: "B6A305C4-F461-429D-90F8-3FCC04D07635", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.1_rc2:*:*:*:*:*:*:*", matchCriteriaId: "CF945FFF-C0D9-4C56-8B43-3ABE9530E939", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.3:*:*:*:*:*:*:*", matchCriteriaId: "17988E27-6C98-48B4-8779-4EF69E8DBD42", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.4:*:*:*:*:*:*:*", matchCriteriaId: "12FCB0EE-8BCE-4E68-B78D-A57E8E9DEC92", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.5:*:*:*:*:*:*:*", matchCriteriaId: "D723B90C-9746-4F94-A8A3-273240A2CBCA", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.5_rc1:*:*:*:*:*:*:*", matchCriteriaId: "6D2E4CA2-0024-4F4E-AB1C-328539E17451", vulnerable: true, }, { criteria: "cpe:2.3:a:ekg:ekg:1.5_rc2:*:*:*:*:*:*:*", matchCriteriaId: "FAC21287-D631-4836-9945-9673A2BC9C7D", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:o:kde:kde:3.2.3:*:*:*:*:*:*:*", matchCriteriaId: "D17407A2-089E-43A5-9BD5-EFF966F5CC16", vulnerable: true, }, { criteria: "cpe:2.3:o:kde:kde:3.3:*:*:*:*:*:*:*", matchCriteriaId: "9C4B436D-8D6A-473E-B707-26147208808B", vulnerable: true, }, { criteria: "cpe:2.3:o:kde:kde:3.3.1:*:*:*:*:*:*:*", matchCriteriaId: "1E26B353-4985-4116-B97A-5767CDC732F1", vulnerable: true, }, { criteria: "cpe:2.3:o:kde:kde:3.3.2:*:*:*:*:*:*:*", matchCriteriaId: "9F7180B3-03AC-427C-8CAD-FE06F81C4FF1", vulnerable: true, }, { criteria: "cpe:2.3:o:kde:kde:3.4:*:*:*:*:*:*:*", matchCriteriaId: "442021C9-BE4D-4BC9-8114-8BEFA9EC1232", vulnerable: true, }, { criteria: "cpe:2.3:o:kde:kde:3.4.0:*:*:*:*:*:*:*", matchCriteriaId: "D600E27F-A1D6-42C7-8ED1-FD508F5B3AB1", vulnerable: true, }, { criteria: "cpe:2.3:o:kde:kde:3.4.1:*:*:*:*:*:*:*", matchCriteriaId: "7036AE90-C7E0-48CE-805D-3F1E04852675", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:centericq:centericq:*:*:*:*:*:*:*:*", matchCriteriaId: "865F252C-CC39-47D8-BCFD-66E3E331E514", vulnerable: true, }, { criteria: "cpe:2.3:a:kadu:kadu:*:*:*:*:*:*:*:*", matchCriteriaId: "0215DF17-C015-41E1-91F0-9D216209105C", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.", }, { lang: "es", value: "Múltiples desbordamientos de búfer en libgadu, usado en Kopete en KDE 3.2.3 hasta la 3.4.1, ekg anteriores a 1.6rc3, GNU Gadu, CenterICQ, Kadu, y otros paquetes, permite que atacantes remotos causen una denegación de servicio (caída) y posiblemente ejecuten código arbitrario mediante un mensaje de entrada.", }, ], id: "CVE-2005-1852", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: true, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-26T04:00:00.000", references: [ { source: "security@debian.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://lwn.net/Articles/144724/", }, { source: "security@debian.org", url: "http://marc.info/?l=bugtraq&m=112198499417250&w=2", }, { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16140", }, { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16155", }, { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16211", }, { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16242", }, { source: "security@debian.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200507-23.xml", }, { source: "security@debian.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml", }, { source: "security@debian.org", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.kde.org/info/security/advisory-20050721-1.txt", }, { source: "security@debian.org", url: "http://www.novell.com/linux/security/advisories/2005_19_sr.html", }, { source: "security@debian.org", url: "http://www.redhat.com/support/errata/RHSA-2005-639.html", }, { source: "security@debian.org", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/14345", }, { source: "security@debian.org", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9532", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://lwn.net/Articles/144724/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://marc.info/?l=bugtraq&m=112198499417250&w=2", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16140", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16155", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16211", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://secunia.com/advisories/16242", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://security.gentoo.org/glsa/glsa-200507-23.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.kde.org/info/security/advisory-20050721-1.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.novell.com/linux/security/advisories/2005_19_sr.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.redhat.com/support/errata/RHSA-2005-639.html", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", ], url: "http://www.securityfocus.com/bid/14345", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9532", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-189", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2007-01-10 00:28
Modified
2025-04-09 00:30
Severity ?
Summary
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:centericq:centericq:4.9.11:*:*:*:*:*:*:*", matchCriteriaId: "BF0ACE60-DE41-43A1-BE91-A12573457757", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.12:*:*:*:*:*:*:*", matchCriteriaId: "0C09B7EF-8FAE-4DB6-9C47-39B70F30B988", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.12:*:*:*:*:*:*:*", matchCriteriaId: "1BC23E15-D1DD-46A5-BAEB-C985C4E6B354", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.13:*:*:*:*:*:*:*", matchCriteriaId: "C9823A36-1B02-4F28-BA93-7D0065253D04", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.14:*:*:*:*:*:*:*", matchCriteriaId: "8EE7391D-D3C7-4ACB-B76F-0D230243B392", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.20:*:*:*:*:*:*:*", matchCriteriaId: "CDDEC439-FC61-4C6F-887C-9B30D9440055", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.21:*:*:*:*:*:*:*", matchCriteriaId: "40D97C71-684F-4E8E-89BB-B69E39E27813", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.", }, { lang: "es", value: "Un desbordamiento de búfer en la región stack de la memoria en el soporte LiveJournal (hooks/ljhook.cc) en CenterICQ versión 4.9.11 hasta versión 4.21.0, cuando se utilizan servidores LiveJournal no oficiales, permite a los atacantes remotos causar una denegación de servicio (bloqueo) y posiblemente ejecutar código arbitrario mediante la adición de la víctima como amigo y el uso de (1) nombre de usuario largos y (2) cadenas de nombre real largas.", }, ], evaluatorSolution: "Failed exploitation attempts will likely result in a denial-of-service condition.", id: "CVE-2007-0160", lastModified: "2025-04-09T00:30:58.490", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: true, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2007-01-10T00:28:00.000", references: [ { source: "cve@mitre.org", url: "http://osvdb.org/33408", }, { source: "cve@mitre.org", url: "http://securityreason.com/securityalert/2129", }, { source: "cve@mitre.org", url: "http://securitytracker.com/id?1017545", }, { source: "cve@mitre.org", url: "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml", }, { source: "cve@mitre.org", url: "http://www.securityfocus.com/archive/1/456255/100/0/threaded", }, { source: "cve@mitre.org", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/21932", }, { source: "cve@mitre.org", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/0306", }, { source: "cve@mitre.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://osvdb.org/33408", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securityreason.com/securityalert/2129", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://securitytracker.com/id?1017545", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/archive/1/456255/100/0/threaded", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "http://www.securityfocus.com/bid/21932", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.vupen.com/english/advisories/2007/0306", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "CWE-119", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-11-20 20:03
Modified
2025-04-03 01:03
Severity ?
Summary
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:centericq:centericq:4.20.0_r3:*:*:*:*:*:*:*", matchCriteriaId: "663C476C-2226-44A7-930B-A41F5AE40A97", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "centericq 4.20.0-r3 with \"Enable peer-to-peer communications\" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.", }, ], id: "CVE-2005-3694", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "COMPLETE", baseScore: 7.8, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:C", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-11-20T20:03:00.000", references: [ { source: "security@debian.org", tags: [ "Vendor Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", }, { source: "security@debian.org", url: "http://secunia.com/advisories/17798", }, { source: "security@debian.org", url: "http://secunia.com/advisories/17818", }, { source: "security@debian.org", url: "http://secunia.com/advisories/18081", }, { source: "security@debian.org", url: "http://security.gentoo.org/glsa/glsa-200512-11.xml", }, { source: "security@debian.org", url: "http://www.debian.org/security/2005/dsa-912", }, { source: "security@debian.org", url: "http://www.osvdb.org/21270", }, { source: "security@debian.org", url: "http://www.securityfocus.com/bid/15649", }, { source: "security@debian.org", url: "https://bugs.gentoo.org/show_bug.cgi?id=100519", }, { source: "security@debian.org", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/23327", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17798", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/17818", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://secunia.com/advisories/18081", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://security.gentoo.org/glsa/glsa-200512-11.xml", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.debian.org/security/2005/dsa-912", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.osvdb.org/21270", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/15649", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://bugs.gentoo.org/show_bug.cgi?id=100519", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/23327", }, ], sourceIdentifier: "security@debian.org", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2005-07-18 04:00
Modified
2025-04-03 01:03
Severity ?
Summary
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
References
Impacted products
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:centericq:centericq:4.5.0.3:*:*:*:*:*:*:*", matchCriteriaId: "BCCBE8AE-0EEC-47B2-8035-92214D3F6758", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.5.1:*:*:*:*:*:*:*", matchCriteriaId: "E6CC839E-C455-437E-802F-5005F961FD16", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.5.1.3:*:*:*:*:*:*:*", matchCriteriaId: "2AA6C76D-65C1-4964-BF73-5857A83B47CF", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.6.0:*:*:*:*:*:*:*", matchCriteriaId: "584CF003-3F36-4657-A29D-B663E37C8185", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.6.0.3:*:*:*:*:*:*:*", matchCriteriaId: "A06A8E51-EE71-44C5-86BC-56E80C0CD749", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.6.5:*:*:*:*:*:*:*", matchCriteriaId: "5C66D704-5C59-43F5-83A7-DDCA8091FF3C", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.6.5.3:*:*:*:*:*:*:*", matchCriteriaId: "94147E48-5408-4166-9F5E-9959920F001D", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.6.9:*:*:*:*:*:*:*", matchCriteriaId: "AF7D7062-2846-49AC-9A50-C3C94EE406FA", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.6.9.3:*:*:*:*:*:*:*", matchCriteriaId: "37CDBE0E-0F53-497C-9938-5F43A58C43B4", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.1:*:*:*:*:*:*:*", matchCriteriaId: "DFCF3DED-8400-4C01-B024-B72A38D25344", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.1.3:*:*:*:*:*:*:*", matchCriteriaId: "692C8394-89BC-4D45-93EE-7298F280AA8F", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.2:*:*:*:*:*:*:*", matchCriteriaId: "3B542683-239D-45AF-A03C-8756E227236F", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.2.3:*:*:*:*:*:*:*", matchCriteriaId: "169063FC-8F03-4DCC-83E9-B409955ADEB3", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.7:*:*:*:*:*:*:*", matchCriteriaId: "D5089220-5A3C-452E-9297-90E10626F12A", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.7.3:*:*:*:*:*:*:*", matchCriteriaId: "B9B597EB-6911-4635-8AE0-328566C7578B", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.8:*:*:*:*:*:*:*", matchCriteriaId: "44BA00BE-7D8E-4941-ACB2-181615E4F8DA", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.7.8.3:*:*:*:*:*:*:*", matchCriteriaId: "D11A8822-324B-4362-883D-0036033F1C8E", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.0:*:*:*:*:*:*:*", matchCriteriaId: "8A2D16B5-2069-444B-BFFC-E71265484174", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.0.1:*:*:*:*:*:*:*", matchCriteriaId: "CC176137-99C2-4464-B2FC-5723D313DDDE", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.2:*:*:*:*:*:*:*", matchCriteriaId: "FBCC1C14-038F-4C84-A818-29A597BA318A", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.2.1:*:*:*:*:*:*:*", matchCriteriaId: "218B7E73-CAC4-4031-BAE7-5D0FF7FA7B1E", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.3:*:*:*:*:*:*:*", matchCriteriaId: "A7C4A10E-0CD2-4FBC-9B71-497B59E30E07", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.3.1:*:*:*:*:*:*:*", matchCriteriaId: "CB15417E-54DC-4C5C-AF2B-9981AEDBB204", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.4:*:*:*:*:*:*:*", matchCriteriaId: "32FE8DB7-1640-4025-8A48-D4509DE43710", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.4.1:*:*:*:*:*:*:*", matchCriteriaId: "C65DC489-A0C9-4A75-B1C5-48664149B248", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.5:*:*:*:*:*:*:*", matchCriteriaId: "F98BD0AF-D08B-425B-9AA6-B7CA64DB86AA", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.5.1:*:*:*:*:*:*:*", matchCriteriaId: "C645D83F-719F-4A1D-BED4-331434143513", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.6:*:*:*:*:*:*:*", matchCriteriaId: "CEDDD7B8-7082-4BDB-9930-A918C1C17C51", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.6.1:*:*:*:*:*:*:*", matchCriteriaId: "DA84107B-3FC4-469E-82E2-B3AB88D5933B", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.7:*:*:*:*:*:*:*", matchCriteriaId: "92B14DFE-82C3-470A-B69F-723B5D695F87", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.7.1:*:*:*:*:*:*:*", matchCriteriaId: "8BA38135-C3CE-4CF7-BB1C-C206381F5746", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.8:*:*:*:*:*:*:*", matchCriteriaId: "6F7E355E-851C-4BA1-920A-C9199590F4A2", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.8.1:*:*:*:*:*:*:*", matchCriteriaId: "E08451E4-DE0F-4A03-99A2-8DABBBD19673", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.8.9:*:*:*:*:*:*:*", matchCriteriaId: "8FFFA3B0-4178-46B3-B0BC-36D94508CB11", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.0:*:*:*:*:*:*:*", matchCriteriaId: "AC88F504-56AE-4177-BBB8-8D3DA12B5986", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.0.1:*:*:*:*:*:*:*", matchCriteriaId: "C06E7D6A-6A68-483E-9A86-AF7584DD79C1", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.1:*:*:*:*:*:*:*", matchCriteriaId: "4D327FC3-A968-4FF5-B5E8-961BBE73C527", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.1.1:*:*:*:*:*:*:*", matchCriteriaId: "7E58DE8E-9EFC-42DA-B8FE-7A197B2B6C59", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.2:*:*:*:*:*:*:*", matchCriteriaId: "BAAACE2C-A4B7-4DE1-8F22-D3D531AC3B95", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.2.1:*:*:*:*:*:*:*", matchCriteriaId: "FF0301CC-47C2-4B5D-B209-9EC17CC7342A", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.3:*:*:*:*:*:*:*", matchCriteriaId: "48652F05-E788-4657-99A6-A823361FF2F5", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.3.1:*:*:*:*:*:*:*", matchCriteriaId: "66475E5F-109E-4798-862C-4777CA43C8E5", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.4:*:*:*:*:*:*:*", matchCriteriaId: "98FC4971-E41C-433B-BEB9-A929D989502B", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.4.1:*:*:*:*:*:*:*", matchCriteriaId: "8FD5258C-3794-4B8F-9FD0-B2C2C11BB20E", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.5:*:*:*:*:*:*:*", matchCriteriaId: "E302A0A4-9B88-4303-ACCF-F61FEF5D6CCF", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.5.1:*:*:*:*:*:*:*", matchCriteriaId: "3C20BEB2-F7F6-4F65-8CA9-359D1A458657", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.6:*:*:*:*:*:*:*", matchCriteriaId: "CCC6E591-2E03-4C35-BA41-ED83A6A35DA4", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.6.1:*:*:*:*:*:*:*", matchCriteriaId: "3A729142-715C-4342-8A9A-82A927F7D4D3", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.7:*:*:*:*:*:*:*", matchCriteriaId: "EFEC2193-E72E-4E88-AF12-3DA17F317957", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.7.1:*:*:*:*:*:*:*", matchCriteriaId: "4B7A9C2C-2D27-4B4D-8243-6CFF71B5B89C", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.8:*:*:*:*:*:*:*", matchCriteriaId: "8247CA7B-63D0-40B4-BDEB-F7F6977A7A17", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.9:*:*:*:*:*:*:*", matchCriteriaId: "D228190A-0147-43F5-9F5A-FF3D9FAA12BA", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.9.1:*:*:*:*:*:*:*", matchCriteriaId: "46494445-C015-49FC-BC22-6CF11DB9E524", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.10:*:*:*:*:*:*:*", matchCriteriaId: "AF480B43-39B5-4CC4-9618-604E7F6BEA8C", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.10.1:*:*:*:*:*:*:*", matchCriteriaId: "A9327469-2982-4C33-B5B1-70C43BC9BECF", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.11:*:*:*:*:*:*:*", matchCriteriaId: "BF0ACE60-DE41-43A1-BE91-A12573457757", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.11.1:*:*:*:*:*:*:*", matchCriteriaId: "F60E9DD9-9DB5-4FD4-88CC-5B9C09F31195", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.12:*:*:*:*:*:*:*", matchCriteriaId: "0C09B7EF-8FAE-4DB6-9C47-39B70F30B988", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.9.12.1:*:*:*:*:*:*:*", matchCriteriaId: "0DCF7591-6577-4B60-A3B4-F414323743EE", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.10.0.1:*:*:*:*:*:*:*", matchCriteriaId: "5FFF31C2-6F14-4F93-84E2-E596168491CD", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.11.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4362F3D2-9BAD-4BD9-BDAC-FAE98EAA3C76", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.12:*:*:*:*:*:*:*", matchCriteriaId: "1BC23E15-D1DD-46A5-BAEB-C985C4E6B354", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.12.0.1:*:*:*:*:*:*:*", matchCriteriaId: "D542930E-3BD8-476A-A48B-1DD7BA31558C", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.13:*:*:*:*:*:*:*", matchCriteriaId: "C9823A36-1B02-4F28-BA93-7D0065253D04", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.13.0.1:*:*:*:*:*:*:*", matchCriteriaId: "4414CBA4-015A-4B9D-AC76-87D4C22E9D06", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.14:*:*:*:*:*:*:*", matchCriteriaId: "8EE7391D-D3C7-4ACB-B76F-0D230243B392", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.14.0.1:*:*:*:*:*:*:*", matchCriteriaId: "E3003A41-6620-4263-8151-31B9FEAF3DA6", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.20:*:*:*:*:*:*:*", matchCriteriaId: "CDDEC439-FC61-4C6F-887C-9B30D9440055", vulnerable: true, }, { criteria: "cpe:2.3:a:centericq:centericq:4.20.0.1:*:*:*:*:*:*:*", matchCriteriaId: "3A664988-0D0D-4F0A-B127-DEFF76FBD877", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.", }, { lang: "es", value: "CenterICQ 4.20.0 y anteriores crea ficheros temporales con nombres de ficheros predecibles, lo que permite que usuarios locales sobreescriban ficheros arbitrarios mediante un ataque de enlaces simbólicos en el fichero temporal \"gg.token.PID\".", }, ], id: "CVE-2005-1914", lastModified: "2025-04-03T01:03:51.193", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "LOW", cvssData: { accessComplexity: "LOW", accessVector: "LOCAL", authentication: "NONE", availabilityImpact: "NONE", baseScore: 2.1, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:L/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 3.9, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], }, published: "2005-07-18T04:00:00.000", references: [ { source: "secalert@redhat.com", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.debian.org/security/2005/dsa-754", }, { source: "secalert@redhat.com", url: "http://www.securityfocus.com/bid/14144", }, { source: "secalert@redhat.com", tags: [ "Vendor Advisory", ], url: "http://www.zataz.net/adviso/centericq-06152005.txt", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Patch", "Vendor Advisory", ], url: "http://www.debian.org/security/2005/dsa-754", }, { source: "af854a3a-2127-422b-91ae-364da2661108", url: "http://www.securityfocus.com/bid/14144", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "http://www.zataz.net/adviso/centericq-06152005.txt", }, ], sourceIdentifier: "secalert@redhat.com", vulnStatus: "Deferred", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-Other", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
cve-2005-1852
Vulnerability from cvelistv5
Published
2005-07-26 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:06:57.721Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://www.kde.org/info/security/advisory-20050721-1.txt", }, { name: "16140", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16140", }, { name: "oval:org.mitre.oval:def:9532", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9532", }, { name: "GLSA-200507-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml", }, { name: "14345", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14345", }, { name: "16242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16242", }, { name: "GLSA-200507-23", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200507-23.xml", }, { name: "SUSE-SR:2005:019", tags: [ "vendor-advisory", "x_refsource_SUSE", "x_transferred", ], url: "http://www.novell.com/linux/security/advisories/2005_19_sr.html", }, { name: "20050721 Multiple vulnerabilities in libgadu and ekg package", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://marc.info/?l=bugtraq&m=112198499417250&w=2", }, { name: "RHSA-2005:639", tags: [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred", ], url: "http://www.redhat.com/support/errata/RHSA-2005-639.html", }, { name: "FEDORA-2005-624", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "http://lwn.net/Articles/144724/", }, { name: "16211", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16211", }, { name: "16155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/16155", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-07-21T00:00:00", descriptions: [ { lang: "en", value: "Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-10-10T00:57:01", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "http://www.kde.org/info/security/advisory-20050721-1.txt", }, { name: "16140", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16140", }, { name: "oval:org.mitre.oval:def:9532", tags: [ "vdb-entry", "signature", "x_refsource_OVAL", ], url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9532", }, { name: "GLSA-200507-26", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml", }, { name: "14345", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14345", }, { name: "16242", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16242", }, { name: "GLSA-200507-23", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200507-23.xml", }, { name: "SUSE-SR:2005:019", tags: [ "vendor-advisory", "x_refsource_SUSE", ], url: "http://www.novell.com/linux/security/advisories/2005_19_sr.html", }, { name: "20050721 Multiple vulnerabilities in libgadu and ekg package", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://marc.info/?l=bugtraq&m=112198499417250&w=2", }, { name: "RHSA-2005:639", tags: [ "vendor-advisory", "x_refsource_REDHAT", ], url: "http://www.redhat.com/support/errata/RHSA-2005-639.html", }, { name: "FEDORA-2005-624", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "http://lwn.net/Articles/144724/", }, { name: "16211", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16211", }, { name: "16155", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/16155", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2005-1852", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.kde.org/info/security/advisory-20050721-1.txt", refsource: "CONFIRM", url: "http://www.kde.org/info/security/advisory-20050721-1.txt", }, { name: "16140", refsource: "SECUNIA", url: "http://secunia.com/advisories/16140", }, { name: "oval:org.mitre.oval:def:9532", refsource: "OVAL", url: "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9532", }, { name: "GLSA-200507-26", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200507-26.xml", }, { name: "14345", refsource: "BID", url: "http://www.securityfocus.com/bid/14345", }, { name: "16242", refsource: "SECUNIA", url: "http://secunia.com/advisories/16242", }, { name: "GLSA-200507-23", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200507-23.xml", }, { name: "SUSE-SR:2005:019", refsource: "SUSE", url: "http://www.novell.com/linux/security/advisories/2005_19_sr.html", }, { name: "20050721 Multiple vulnerabilities in libgadu and ekg package", refsource: "BUGTRAQ", url: "http://marc.info/?l=bugtraq&m=112198499417250&w=2", }, { name: "RHSA-2005:639", refsource: "REDHAT", url: "http://www.redhat.com/support/errata/RHSA-2005-639.html", }, { name: "FEDORA-2005-624", refsource: "FEDORA", url: "http://lwn.net/Articles/144724/", }, { name: "16211", refsource: "SECUNIA", url: "http://secunia.com/advisories/16211", }, { name: "16155", refsource: "SECUNIA", url: "http://secunia.com/advisories/16155", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2005-1852", datePublished: "2005-07-26T04:00:00", dateReserved: "2005-06-06T00:00:00", dateUpdated: "2024-08-07T22:06:57.721Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-3694
Vulnerability from cvelistv5
Published
2005-11-20 20:00
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/23327 | vdb-entry, x_refsource_XF | |
| https://bugs.gentoo.org/show_bug.cgi?id=100519 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200512-11.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.osvdb.org/21270 | vdb-entry, x_refsource_OSVDB | |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/15649 | vdb-entry, x_refsource_BID | |
| http://www.debian.org/security/2005/dsa-912 | vendor-advisory, x_refsource_DEBIAN | |
| http://secunia.com/advisories/17798 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/17818 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/18081 | third-party-advisory, x_refsource_SECUNIA |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T23:17:23.623Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "centericq-zero-length-dos(23327)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/23327", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=100519", }, { name: "GLSA-200512-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://security.gentoo.org/glsa/glsa-200512-11.xml", }, { name: "21270", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://www.osvdb.org/21270", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", }, { name: "15649", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/15649", }, { name: "DSA-912", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-912", }, { name: "17798", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17798", }, { name: "17818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/17818", }, { name: "18081", tags: [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred", ], url: "http://secunia.com/advisories/18081", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2005-11-19T00:00:00", descriptions: [ { lang: "en", value: "centericq 4.20.0-r3 with \"Enable peer-to-peer communications\" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2017-07-10T14:57:01", orgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", shortName: "debian", }, references: [ { name: "centericq-zero-length-dos(23327)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/23327", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://bugs.gentoo.org/show_bug.cgi?id=100519", }, { name: "GLSA-200512-11", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://security.gentoo.org/glsa/glsa-200512-11.xml", }, { name: "21270", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://www.osvdb.org/21270", }, { tags: [ "x_refsource_CONFIRM", ], url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", }, { name: "15649", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/15649", }, { name: "DSA-912", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-912", }, { name: "17798", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17798", }, { name: "17818", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/17818", }, { name: "18081", tags: [ "third-party-advisory", "x_refsource_SECUNIA", ], url: "http://secunia.com/advisories/18081", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@debian.org", ID: "CVE-2005-3694", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "centericq 4.20.0-r3 with \"Enable peer-to-peer communications\" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "centericq-zero-length-dos(23327)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/23327", }, { name: "https://bugs.gentoo.org/show_bug.cgi?id=100519", refsource: "CONFIRM", url: "https://bugs.gentoo.org/show_bug.cgi?id=100519", }, { name: "GLSA-200512-11", refsource: "GENTOO", url: "http://security.gentoo.org/glsa/glsa-200512-11.xml", }, { name: "21270", refsource: "OSVDB", url: "http://www.osvdb.org/21270", }, { name: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", refsource: "CONFIRM", url: "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=334089", }, { name: "15649", refsource: "BID", url: "http://www.securityfocus.com/bid/15649", }, { name: "DSA-912", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-912", }, { name: "17798", refsource: "SECUNIA", url: "http://secunia.com/advisories/17798", }, { name: "17818", refsource: "SECUNIA", url: "http://secunia.com/advisories/17818", }, { name: "18081", refsource: "SECUNIA", url: "http://secunia.com/advisories/18081", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "79363d38-fa19-49d1-9214-5f28da3f3ac5", assignerShortName: "debian", cveId: "CVE-2005-3694", datePublished: "2005-11-20T20:00:00", dateReserved: "2005-11-20T00:00:00", dateUpdated: "2024-08-07T23:17:23.623Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2005-1914
Vulnerability from cvelistv5
Published
2005-07-17 04:00
Modified
2024-09-16 23:35
Severity ?
EPSS score ?
Summary
CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.zataz.net/adviso/centericq-06152005.txt | x_refsource_MISC | |
| http://www.debian.org/security/2005/dsa-754 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/14144 | vdb-entry, x_refsource_BID |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T22:06:57.720Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://www.zataz.net/adviso/centericq-06152005.txt", }, { name: "DSA-754", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "http://www.debian.org/security/2005/dsa-754", }, { name: "14144", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/14144", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2005-07-17T04:00:00Z", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_MISC", ], url: "http://www.zataz.net/adviso/centericq-06152005.txt", }, { name: "DSA-754", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "http://www.debian.org/security/2005/dsa-754", }, { name: "14144", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/14144", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "secalert@redhat.com", ID: "CVE-2005-1914", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "CenterICQ 4.20.0 and earlier creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "http://www.zataz.net/adviso/centericq-06152005.txt", refsource: "MISC", url: "http://www.zataz.net/adviso/centericq-06152005.txt", }, { name: "DSA-754", refsource: "DEBIAN", url: "http://www.debian.org/security/2005/dsa-754", }, { name: "14144", refsource: "BID", url: "http://www.securityfocus.com/bid/14144", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2005-1914", datePublished: "2005-07-17T04:00:00Z", dateReserved: "2005-06-08T00:00:00Z", dateUpdated: "2024-09-16T23:35:53.507Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2007-0160
Vulnerability from cvelistv5
Published
2007-01-10 00:00
Modified
2024-08-07 12:12
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/2129 | third-party-advisory, x_refsource_SREASON | |
| http://www.securityfocus.com/bid/21932 | vdb-entry, x_refsource_BID | |
| http://www.vupen.com/english/advisories/2007/0306 | vdb-entry, x_refsource_VUPEN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/31330 | vdb-entry, x_refsource_XF | |
| http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml | vendor-advisory, x_refsource_GENTOO | |
| http://securitytracker.com/id?1017545 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/456255/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://osvdb.org/33408 | vdb-entry, x_refsource_OSVDB |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-07T12:12:17.411Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { name: "2129", tags: [ "third-party-advisory", "x_refsource_SREASON", "x_transferred", ], url: "http://securityreason.com/securityalert/2129", }, { name: "21932", tags: [ "vdb-entry", "x_refsource_BID", "x_transferred", ], url: "http://www.securityfocus.com/bid/21932", }, { name: "ADV-2007-0306", tags: [ "vdb-entry", "x_refsource_VUPEN", "x_transferred", ], url: "http://www.vupen.com/english/advisories/2007/0306", }, { name: "centericq-username-bo(31330)", tags: [ "vdb-entry", "x_refsource_XF", "x_transferred", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330", }, { name: "GLSA-200701-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml", }, { name: "1017545", tags: [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred", ], url: "http://securitytracker.com/id?1017545", }, { name: "20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling", tags: [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred", ], url: "http://www.securityfocus.com/archive/1/456255/100/0/threaded", }, { name: "33408", tags: [ "vdb-entry", "x_refsource_OSVDB", "x_transferred", ], url: "http://osvdb.org/33408", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], datePublic: "2007-01-07T00:00:00", descriptions: [ { lang: "en", value: "Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2018-10-16T14:57:01", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { name: "2129", tags: [ "third-party-advisory", "x_refsource_SREASON", ], url: "http://securityreason.com/securityalert/2129", }, { name: "21932", tags: [ "vdb-entry", "x_refsource_BID", ], url: "http://www.securityfocus.com/bid/21932", }, { name: "ADV-2007-0306", tags: [ "vdb-entry", "x_refsource_VUPEN", ], url: "http://www.vupen.com/english/advisories/2007/0306", }, { name: "centericq-username-bo(31330)", tags: [ "vdb-entry", "x_refsource_XF", ], url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330", }, { name: "GLSA-200701-20", tags: [ "vendor-advisory", "x_refsource_GENTOO", ], url: "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml", }, { name: "1017545", tags: [ "vdb-entry", "x_refsource_SECTRACK", ], url: "http://securitytracker.com/id?1017545", }, { name: "20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling", tags: [ "mailing-list", "x_refsource_BUGTRAQ", ], url: "http://www.securityfocus.com/archive/1/456255/100/0/threaded", }, { name: "33408", tags: [ "vdb-entry", "x_refsource_OSVDB", ], url: "http://osvdb.org/33408", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2007-0160", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Stack-based buffer overflow in the LiveJournal support (hooks/ljhook.cc) in CenterICQ 4.9.11 through 4.21.0, when using unofficial LiveJournal servers, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by adding the victim as a friend and using long (1) username and (2) real name strings.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "2129", refsource: "SREASON", url: "http://securityreason.com/securityalert/2129", }, { name: "21932", refsource: "BID", url: "http://www.securityfocus.com/bid/21932", }, { name: "ADV-2007-0306", refsource: "VUPEN", url: "http://www.vupen.com/english/advisories/2007/0306", }, { name: "centericq-username-bo(31330)", refsource: "XF", url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/31330", }, { name: "GLSA-200701-20", refsource: "GENTOO", url: "http://www.gentoo.org/security/en/glsa/glsa-200701-20.xml", }, { name: "1017545", refsource: "SECTRACK", url: "http://securitytracker.com/id?1017545", }, { name: "20070107 TK53 Advisory #1: CenterICQ remote DoS buffer overflow in LiveJournal handling", refsource: "BUGTRAQ", url: "http://www.securityfocus.com/archive/1/456255/100/0/threaded", }, { name: "33408", refsource: "OSVDB", url: "http://osvdb.org/33408", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2007-0160", datePublished: "2007-01-10T00:00:00", dateReserved: "2007-01-09T00:00:00", dateUpdated: "2024-08-07T12:12:17.411Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }