Computer Security
[EN] securityvulns.ru no-pyccku


Yate VoIP server DoS
Published:02.05.2007
Source:
SecurityVulns ID:7654
Type:remote
Threat Level:
5/10
Description:NULL pointer dereference on absent "purpose" parameter of SIP "Call-Info" header.
Affected:YATE : Yate 1.1
CVE:CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before 1.2.0 sets the caller_info_uri parameter using a incorrect variable that can be NULL, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a Call-Info header without a purpose parameter.)
Original documentdocumentno-reply_(at)_radware.com, Radware Security Advisory - Yate 1.1.0 Denial of Service Vulnerability (02.05.2007)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod