390 matches found
Opal library / Ekiga memory corruption
Insufficient SIP Content-Length validation allows to overwrite single byte of memory...
OpenH323 Opal库SIP协议远程拒绝服务漏洞
BUGTRAQ ID: 25955 CVECAN ID: CVE-2007-4924 Openh323是为开发使用H.323协议在IP网上进行多媒体通信的应用程序而专门设计的全功能协议栈。 Openh323的实现在处理畸形格式的SIP报文时存在漏洞,远程攻击者可能利用此漏洞导致用户的系统崩溃。 OpenH323所使用的opal库的sip/sippdu.cxx文件中SIPPDU::Read方式没有正确地处理SIP报文头中的Content-Length字段,如果远程攻击者向使用了该库的应用程序发送了畸形的SIP报文的话,就可能向任意内存位置写入“\0”字节,导致拒绝服务。 OpenH323...
opal security update
CentOS Errata and Security Advisory CESA-2007:0957 Updated opal packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Open Phone Abstraction Library opal is...
OpenH323 Opal SIP协议远程拒绝服务漏洞
Openh323是为开发使用H.323协议在IP网上进行多媒体通信的应用程序而专门设计的全功能协议栈。 Openh323处理SIP协议头字段数据存在问题,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 Ekiga是基于Openh323协议实现,Ekiga使用的OPAL库在执行对SIP协议头字段'Content-Length'数据处理时缺少充分的输入验证,这个漏洞可用于写'\0'字节到攻击者控制的地址而使应用程序崩溃。 OpenH323 OpenH323 Opal 2.2.4 Ekiga Ekiga 2.0.9 Ekiga Ekiga 2.0.5 Ekiga Ekiga 2.0.4...
RHEL 5 : opal (RHSA-2007:0957)
Updated opal packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Open Phone Abstraction Library opal is implementation of various telephony and video communication...
CVE-2007-4924
The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...
Design/Logic Flaw
The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...
CVE-2007-4924
The CVE-2007-4924 affects the Open Phone Abstraction Library (opal) used by Ekiga (before 2.0.10) and OpenH323 (before 2.2.4). A flaw in how opal handles certain SIP packets (invalid Content-Length) allows a remote attacker to crash the vulnerable application, yielding a denial-of-service conditi...
Moderate: Red Hat Security Advisory: opal security update
Updated opal packages that fix a security issue are now available for Red Hat Enterprise Linux 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Open Phone Abstraction Library opal is implementation of various telephony and video communication...
ekiga remote crash caused by insufficient input validation
The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...