Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2007-4924
Last Modified 07 Mar 2011 09:59:39
Published 08 Oct 2007 05:17:00
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-4924

Summary

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

Vulnerable Systems

Application

  • Ekiga 2.0.9

  • Openh323 Project Openh323 2.2.3


References

REDHAT - RHSA-2007:0957

SECUNIA - 27129

SECUNIA - 27128

SECUNIA - 27118

MLIST - [ekiga-list] 20070917 [ANNOUNCE] Ekiga 2.0.10 released

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=296371

VUPEN - ADV-2007-3414

VUPEN - ADV-2007-3413

BUGTRAQ - 20071011 S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service

MISC - http://www.s21sec.com/avisos/s21sec-037-en.txt

MILW0RM - 9240

OSVDB - 41637

CONFIRM - http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20

UBUNTU - USN-562-1

SECTRACK - 1018776

BID - 25955

MANDRIVA - MDKSA-2007:205

SECUNIA - 28380

SECUNIA - 27524

SECUNIA - 27271

SUSE - SUSE-SR:2007:021


Last Updated: 27 May 2016 10:46:01