Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5636

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2007-5636
Last Modified 07 Mar 2011 10:01:03
Published 23 Oct 2007 01:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5636

Summary

Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows error message, aka "extraneous messaging."

Vulnerable Systems

Application

  • Nortel Ip Softphone 2050


References

XF - nortel-ipsoftphone-rtcp-bo(37256)

VUPEN - ADV-2007-3540

BID - 26118

BUGTRAQ - 20071018 Nortel UNIStim IP Softphone Buffer-Overflow

MISC - http://www.csnc.ch/static/advisory/csnc/nortel_UNIStim_IP_softphone_buffer-overflow_v1.0.txt

CONFIRM - http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=655203

SECUNIA - 27252

OSVDB - 38521

SREASON - 3271


Last Updated: 27 May 2016 10:46:14