26 matches found
OpenSER OSP Module remote code execution
Synopsis: OpenSER OSP Module remote code execution Product: OpenSER Version: =1.1.0 Issue: ====== A critical security vulnerability has been found in OpenSER Open Settlement Protocol OSP module. OSP is an ETSI defined standard for Inter-Domain VoIP pricing,authorization and usage exchange. Detail...
SMS handling OpenSER remote code executing
Synopsis: SMS handling OpenSER remote code executing Product: OpenSER Version: =1.1.0 Issue: ====== A critical security vulnerability has been found in OpenSER SMS handling module. The vulnerable function should read the SMS from the SIM-memory. Details: ======== int fetchsmsstruct modem mdm, int...
CVE-2006-6749
Buffer overflow in the parseexpression function in parseconfig in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter...
CVE-2006-6749
The provided data identifies CVE-2006-6749 as a vulnerability in OpenSER 1.1.0 where a buffer overflow occurs in the parse_expression function within parse_config, triggered by a long str parameter. The root cause is a buffer overflow in that function. The description specifies the impact as unkn...
CVE-2006-6749
Buffer overflow in the parseexpression function in parseconfig in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter...
OpenSER Parse_Expression远程缓冲区溢出漏洞
OpenSER是一款开放源代码的SIP路由实现。 OpenSER包含的parseexpression函数存在边界条件错误,远程攻击者可以利用漏洞以服务进程权限执行任意指令。 问题存在于static int parseexpressionchar str, expression e, expression eexceptions函数中,由于/str/没有进行正确检查,可能导致覆盖目标缓冲区而造成任意代码执行。目前没有详细漏洞细节提供。 OpenSER OpenSER 1.1 目前没有详细解决方案提供: http://www.openser.org/...