Lucene search
K

390 matches found

securityvulns
securityvulns
added 2007/10/15 12:0 a.m.22 views

Opal library / Ekiga memory corruption

Insufficient SIP Content-Length validation allows to overwrite single byte of memory...

3.5AI score
Exploits0References1Affected Software2
seebug.org
seebug.org
added 2007/10/11 12:0 a.m.31 views

OpenH323 Opal库SIP协议远程拒绝服务漏洞

BUGTRAQ ID: 25955 CVECAN ID: CVE-2007-4924 Openh323是为开发使用H.323协议在IP网上进行多媒体通信的应用程序而专门设计的全功能协议栈。 Openh323的实现在处理畸形格式的SIP报文时存在漏洞,远程攻击者可能利用此漏洞导致用户的系统崩溃。 OpenH323所使用的opal库的sip/sippdu.cxx文件中SIPPDU::Read方式没有正确地处理SIP报文头中的Content-Length字段,如果远程攻击者向使用了该库的应用程序发送了畸形的SIP报文的话,就可能向任意内存位置写入“\0”字节,导致拒绝服务。 OpenH323...

5CVSS6.3AI score0.1068EPSS
Exploits6
Cent OS
Cent OS
added 2007/10/09 11:45 p.m.57 views

opal security update

CentOS Errata and Security Advisory CESA-2007:0957 Updated opal packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Open Phone Abstraction Library opal is...

5CVSS5.8AI score0.1068EPSS
Exploits6References7
seebug.org
seebug.org
added 2007/10/09 12:0 a.m.26 views

OpenH323 Opal SIP协议远程拒绝服务漏洞

Openh323是为开发使用H.323协议在IP网上进行多媒体通信的应用程序而专门设计的全功能协议栈。 Openh323处理SIP协议头字段数据存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 Ekiga是基于Openh323协议实现,Ekiga使用的OPAL库在执行对SIP协议头字段'Content-Length'数据处理时缺少充分的输入验证,这个漏洞可用于写'\0'字节到攻击者控制的地址而使应用程序崩溃。 OpenH323 OpenH323 Opal 2.2.4 Ekiga Ekiga 2.0.9 Ekiga Ekiga 2.0.5 Ekiga Ekiga 2.0.4...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2007/10/09 12:0 a.m.25 views

RHEL 5 : opal (RHSA-2007:0957)

Updated opal packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Open Phone Abstraction Library opal is implementation of various telephony and video communication...

5CVSS5.3AI score0.1068EPSS
Exploits6References3
NVD
NVD
added 2007/10/08 9:17 p.m.9 views

CVE-2007-4924

The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...

5CVSS6.4AI score0.1068EPSS
Exploits6References22
Prion
Prion
added 2007/10/08 9:17 p.m.16 views

Design/Logic Flaw

The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...

5CVSS6.6AI score0.1068EPSS
Exploits6References22Affected Software2
CVE
CVE
added 2007/10/08 9:0 p.m.77 views

CVE-2007-4924

The CVE-2007-4924 affects the Open Phone Abstraction Library (opal) used by Ekiga (before 2.0.10) and OpenH323 (before 2.2.4). A flaw in how opal handles certain SIP packets (invalid Content-Length) allows a remote attacker to crash the vulnerable application, yielding a denial-of-service conditi...

5CVSS6.2AI score0.1068EPSS
Exploits6References22Affected Software2
RedHat Linux
RedHat Linux
added 2007/10/08 8:8 a.m.37 views

Moderate: Red Hat Security Advisory: opal security update

Updated opal packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Open Phone Abstraction Library opal is implementation of various telephony and video communication...

5CVSS5.8AI score0.1068EPSS
Exploits6References2
RedHat Linux
RedHat Linux
added 2007/10/08 8:8 a.m.8 views

ekiga remote crash caused by insufficient input validation

The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...

5CVSS5.8AI score0.1068EPSS
Exploits6References4
Rows per page
Query Builder