MitreCVELIST:CVE-2006-2923CVE-2006-2923
The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, © Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.
References
iaxclient.sourceforge.net/iaxcomm/
secunia.com/advisories/20466
secunia.com/advisories/20560
secunia.com/advisories/20567
secunia.com/advisories/20623
secunia.com/advisories/20900
sourceforge.net/project/shownotes.php?release_id=423099&group_id=131960
www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10
www.gentoo.org/security/en/glsa/glsa-200606-30.xml
www.loudhush.ro/changelog.txt
www.securityfocus.com/archive/1/436638/100/0/threaded
www.securityfocus.com/bid/18307
www.vupen.com/english/advisories/2006/2180
www.vupen.com/english/advisories/2006/2284
www.vupen.com/english/advisories/2006/2285
www.vupen.com/english/advisories/2006/2286
exchange.xforce.ibmcloud.com/vulnerabilities/27047
Related
