Securityvulns SECURITYVULNS:DOC:18197
Oct 15, 2007 - 12:00 a.m.

S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service


##############################################################
- S21Sec Advisory -
##############################################################

Title:     OPAL SIP Protocol Remote Denial of Service
ID:        S21SEC-037-en
Severity:  Medium - Remote DoS
History:   11.Jun.2007 Vulnerability discovered
           09.Jul.2007 Vendor contacted
           15.Aug.2007 Patched
           17.Sep.2007 New version released
Scope:     Remote Denial of Service
Platforms: Any
Author:    Jose Miguel Esparza ([email protected])
URL:       http://www.s21sec.com/avisos/s21sec-037-en.txt
Release:   Public

[ SUMMARY ]

OPAL (Open Phone Abstraction Layer) is an implementation of various
telephony and video communication protocols for use over packet based
networks. It's based on code from the OpenH323 project and adds new
features such as a stream based architecture, better support for
re-use or removal of sub-components, and explicit support for
additional protocols.

[ AFFECTED VERSIONS ]

The following versions are affected by this issue:

 - OPAL 2.2.8 and prior.

Some applications which use this library are affected too:

 - Ekiga 2.0.9 and prior.

[ DESCRIPTION ]

File: sippdu.cxx
Function: SIP_PDU::Read(OpalTransport & transport)
Instruction: entityBody[contentLength] = '\0';

Insufficient input validation of the Content-Length field of a SIP
request causes the application to crash due to memory mismanagement.
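
The kind of check this description calls for, as an added C++ illustration; it is not OPAL's code or the referenced patch. The names parseContentLength, readEntityBody and kMaxBodyBytes, the 64 KiB cap, and the assumption that the whole message has already been received are hypothetical.

```cpp
#include <cerrno>
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Assumed upper bound on a SIP body this receiver will buffer
// (hypothetical value, not an OPAL constant).
static const long kMaxBodyBytes = 65536;

// Accept a Content-Length value only if it is a plain decimal number in
// [0, kMaxBodyBytes]; anything else is rejected before it is used as an index.
bool parseContentLength(const std::string& value, std::size_t& out) {
    errno = 0;
    char* end = 0;
    long n = std::strtol(value.c_str(), &end, 10);
    if (end == value.c_str() || *end != '\0') return false;  // empty or trailing junk
    if (errno == ERANGE) return false;                       // does not fit in a long
    if (n < 0 || n > kMaxBodyBytes) return false;            // negative or oversized
    out = static_cast<std::size_t>(n);
    return true;
}

// Hypothetical reader: copies the body out of bytes already received and
// NUL-terminates it, mirroring the entityBody[contentLength] write above.
bool readEntityBody(const std::string& contentLengthValue,
                    const std::string& received,
                    std::string& body) {
    std::size_t contentLength = 0;
    if (!parseContentLength(contentLengthValue, contentLength)) return false;
    if (contentLength > received.size()) return false;  // header claims more than arrived
    std::vector<char> entityBody(contentLength + 1);    // room for the terminator
    std::memcpy(entityBody.data(), received.data(), contentLength);
    entityBody[contentLength] = '\0';                   // index is inside the buffer
    body.assign(entityBody.data(), contentLength);
    return true;
}
```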

[ WORKAROUND ]

A patch is available at
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20
but upgrading to the new version 2.2.10 is recommended.

[ ACKNOWLEDGMENTS ]

This vulnerability has been found and researched by:

 - Jose Miguel Esparza <[email protected]> S21sec labs

[ ADDITIONAL INFORMATION ]

This vulnerability was discovered during the development of the
network fuzzer Malybuzz, available at
http://malybuzz.sourceforge.net/

[ REFERENCES ]