sipd gethostbyname_r DoS

2003-12-12T07:52:05
ID OSVDB:3021
Type osvdb
Reporter OSVDB
Modified 2003-12-12T07:52:05

Description

Vulnerability Description

sipd contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a malformed SIP request. Successful attacks will result in loss of availability of the host.

Technical Description

sipd does not properly check the return value of gethostbyname_r.
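
The advisory does not show the affected sipd code. As an added illustration, not taken from sipd or from this advisory, the following C example shows a defensively checked gethostbyname_r call on glibc: the result is used only when the call returns 0 and the result pointer is non-NULL, and ERANGE is handled by growing the scratch buffer. The names resolve_ipv4 and lookup_usable and the buffer limits are assumptions made for the example.

```c
#define _GNU_SOURCE              /* gethostbyname_r is a glibc extension */
#include <errno.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* A lookup is usable only if the call returned 0 AND yielded a
 * non-NULL IPv4 entry that carries at least one address. */
static int lookup_usable(int rc, const struct hostent *res)
{
    return rc == 0 && res != NULL && res->h_addrtype == AF_INET &&
           res->h_length == (int)sizeof(struct in_addr) &&
           res->h_addr_list != NULL && res->h_addr_list[0] != NULL;
}

/* Hypothetical helper: resolve host to one IPv4 address.
 * Returns 0 on success and -1 on any failure. */
int resolve_ipv4(const char *host, struct in_addr *out)
{
    struct hostent he, *res = NULL;
    char *buf = NULL;
    int herr = 0, status = -1;

    if (host == NULL || out == NULL || host[0] == '\0')
        return -1;
    for (size_t len = 512; len <= 65536; len *= 2) {  /* assumed limits */
        char *tmp = realloc(buf, len);
        if (tmp == NULL)
            break;
        buf = tmp;
        int rc = gethostbyname_r(host, &he, buf, len, &res, &herr);
        if (rc == ERANGE)
            continue;             /* scratch buffer too small: retry larger */
        if (lookup_usable(rc, res)) {
            memcpy(out, res->h_addr_list[0], sizeof(*out));
            status = 0;
        }
        break;                    /* any other failure: reject the host */
    }
    free(buf);
    return status;
}

int main(int argc, char **argv)
{
    struct in_addr a;
    int rc = resolve_ipv4(argc > 1 ? argv[1] : "127.0.0.1", &a);
    printf("%s\n", rc == 0 ? "resolved" : "lookup failed, request rejected");
    return rc == 0 ? 0 : 1;
}
```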

Solution Description

Upgrade to version 0.1.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor Specific Solution URL: http://www.sxdesign.com/download/sipd-0.1.4.tar.bz2
Secunia Advisory ID: 10415
ISS X-Force ID: 13958
Generic Exploit URL: http://www.securiteam.com/unixfocus/6B00F0A95O.html
Generic Exploit URL: http://downloads.securityfocus.com/vulnerabilities/exploits/sipd_exp.pl
Bugtraq ID: 9198