OpenH323 Opal SIP Denial Of Service

!/usr/bin/env python OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability CVE-2007-4924 opal228dos.py by Jose Miguel Esparza 2007-10-08 S21sec labs import sys,socket if lensys.argv != 3: sys.exit"Usage: " + sys.argv0 + " targethost targetport\n" target = sys.argv1 targetPort =...

OpenH323 Opal SIP Protocol Remote Denial of Service Exploit

Exploit for unknown platform in category dos / poc =========================================================== OpenH323 Opal SIP Protocol Remote Denial of Service Exploit =========================================================== !/usr/bin/env python OpenH323 Opal SIP Protocol Remote Denial of...

OpenH323 Opal SIP Protocol - Remote Denial of Service

OpenH323 Opal SIP Protocol - Remote Denial of Service !/usr/bin/env python OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability CVE-2007-4924 opal228dos.py by Jose Miguel Esparza 2007-10-08 S21sec labs import sys,socket if lensys.argv != 3: sys.exit"Usage: " + sys.argv0 + " targethos...

OpenH323 Opal SIP Protocol Remote Denial of Service Exploit

No description provided by source. !/usr/bin/env python OpenH323 Opal SIP Protocol Remote Denial of Service Vulnerability CVE-2007-4924 opal228dos.py by Jose Miguel Esparza 2007-10-08 S21sec labs import sys,socket if lensys.argv != 3: sys.exit"Usage: " + sys.argv0 + " targethost targetport\n"...

FreeBSD Ports: pwlib

The remote host is missing an update to the system as announced in the referenced advisory. VID 27c331d5-64c7-11d8-80e3-0020ed76ef5a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: pwlib

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

Debian: Security Advisory (DSA-448)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service

S21Sec Advisory - Title: OPAL SIP Protocol Remote Denial of Service ID: S21SEC-037-en Severity: Medium - Remote DoS History: 11.Jun.2007 Vulnerability discovered 09.Jul.2007 Vendor contacted 15.Aug.2007 Patched 17.Sep.2007 New version released Scope: Remote Denial of Service Platforms: Any...

OpenH323 Opal库SIP协议远程拒绝服务漏洞

BUGTRAQ ID: 25955 CVECAN ID: CVE-2007-4924 Openh323是为开发使用H.323协议在IP网上进行多媒体通信的应用程序而专门设计的全功能协议栈。 Openh323的实现在处理畸形格式的SIP报文时存在漏洞，远程攻击者可能利用此漏洞导致用户的系统崩溃。 OpenH323所使用的opal库的sip/sippdu.cxx文件中SIPPDU::Read方式没有正确地处理SIP报文头中的Content-Length字段，如果远程攻击者向使用了该库的应用程序发送了畸形的SIP报文的话，就可能向任意内存位置写入“\0”字节，导致拒绝服务。 OpenH323...

OpenH323 Opal SIP协议远程拒绝服务漏洞

Openh323是为开发使用H.323协议在IP网上进行多媒体通信的应用程序而专门设计的全功能协议栈。 Openh323处理SIP协议头字段数据存在问题，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 Ekiga是基于Openh323协议实现，Ekiga使用的OPAL库在执行对SIP协议头字段'Content-Length'数据处理时缺少充分的输入验证，这个漏洞可用于写'\0'字节到攻击者控制的地址而使应用程序崩溃。 OpenH323 OpenH323 Opal 2.2.4 Ekiga Ekiga 2.0.9 Ekiga Ekiga 2.0.5 Ekiga Ekiga 2.0.4...

Design/Logic Flaw

The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...

CVE-2007-4924

The CVE-2007-4924 affects the Open Phone Abstraction Library (opal) used by Ekiga (before 2.0.10) and OpenH323 (before 2.2.4). A flaw in how opal handles certain SIP packets (invalid Content-Length) allows a remote attacker to crash the vulnerable application, yielding a denial-of-service conditi...

ekiga remote crash caused by insufficient input validation

The Open Phone Abstraction Library opal, as used by 1 Ekiga before 2.0.10 and 2 OpenH323 before 2.2.4, allows remote attackers to cause a denial of service crash via an invalid Content-Length header field in Session Initiation Protocol SIP packets, which causes a \0 byte to be written to an...

Fedora Core 1 : pwlib-1.5.0-4 (2004-078)

A test suite for the H.225 protocol part of the H.323 family provided by the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker could trigger these bugs by sending carefully crafted messages to an application. The effects of such an attack can vary depending on the application, but...

RHEL 3 : pwlib (RHSA-2004:047)

Updated PWLib packages that contain fixes for security issues found during protocol testing by the NISCC are now available. PWLib is a cross-platform class library designed to support the OpenH323 project. OpenH323 provides an implementation of the ITU H.323 teleconferencing protocol, used by...

DSA-448 pwlib - several vulnerabilities

Bulletin has no description...

Moderate: Red Hat Security Advisory: pwlib security update

Updated PWLib packages that contain fixes for security issues found during protocol testing by the NISCC are now available. PWLib is a cross-platform class library designed to support the OpenH323 project. OpenH323 provides an implementation of the ITU H.323 teleconferencing protocol, used by...

[RHSA-2004:048-01] Updated PWLib packages fix protocol security issues

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - --------------------------------------------------------------------- Red Hat Security Advisory Synopsis: Updated PWLib packages fix protocol security issues Advisory ID: RHSA-2004:048-01 Issue date: 2004-02-13 Updated on: 2004-02-13 Product: Red Ha...

Vulnerabilities in H.323 implementations

The NISCC and the OUSPG developed a test suite for the H.323 protocol. This test suite has uncovered vulnerabilities in several H.323 implementations with impacts ranging from denial-of-service to arbitrary code execution. In the FreeBSD Ports Collection, pwlib' is directly affected. Other...