SIP

Pwlib/Ekiga Denial of Service

ID: CVE-2007-04897  BID-25642

Product: PWLib is a moderately large C++ class library that originated many years ago as a method to produce applications that run on both Microsoft Windows and Unix X-Windows systems. A Macintosh port was also planned, but this never eventuated. The library is used extensively by many companies for both commercial and Open Source products. The motivation in making PWLib available as Open Source was primarily to support the OpenH323 project, but it is definitely useful as a stand-alone library.

Scope: Remote Denial of Service

Severity: Low-Medium

Timeline:

  • [2007-05-14] Vulnerability discovered
  • [2007-07-09] Vendor contacted
  • [2007-08-15] Ekiga patched
  • [2007-09-11] Vulnerability published
  • [2007-09-27] Pwlib patched
     

Platforms: Any

Author: Jose Miguel Esparza

Affected versions: Pwlib <= 1.10.0 (also the applications which use this library, for example Ekiga <= 2.0.7)

OPAL SIP Protocol Remote Denial of Service

ID: CVE-2007-04924  BID-25955

Product: OPAL (Open Phone Abstraction Layer) is an implementation of various telephony and video communication protocols for use over packet-based networks. It's based on code from the OpenH323 project and adds new features such as a stream-based architecture, better support for re-use or removal of sub-components, and explicit support for additional protocols.

Scope: Remote Denial of Service

Severity: Low-Medium

Timeline:

  • [2007-06-11] Vulnerability discovered
  • [2007-07-09] Vendor contacted
  • [2007-08-15] Patched
  • [2007-09-17] New version released
  • [2007-10-08] Vulnerability published
     

Platforms: Any

Author: Jose Miguel Esparza

Affected versions: OPAL <= 2.2.8 (also the applications which use this library, for example Ekiga <= 2.0.9)

Description: Insufficient input validation of the Content-Length field of a SIP request makes it possible to write a null byte, causing a denial of service (crash) of the application using this library.
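One way to validate a Content-Length value before it is used to place a terminating null byte, added here as an example and not taken from OPAL or its patch. The function names, buffer layout and parameters are assumptions; the terminator is written only when the declared length fits inside both the bytes actually received and the buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: strict decimal parse of a Content-Length value.
 * Rejects empty input, signs, non-digits and values that overflow size_t. */
static int parse_content_length(const char *s, size_t *out)
{
    size_t v = 0;
    while (*s == ' ' || *s == '\t') s++;          /* leading whitespace */
    if (*s < '0' || *s > '9') return -1;          /* rejects "", "-1", "+5" */
    for (; *s >= '0' && *s <= '9'; s++) {
        size_t d = (size_t)(*s - '0');
        if (v > (SIZE_MAX - d) / 10) return -1;   /* would overflow size_t */
        v = v * 10 + d;
    }
    while (*s == ' ' || *s == '\t') s++;          /* trailing whitespace */
    if (*s != '\0') return -1;                    /* trailing garbage */
    *out = v;
    return 0;
}

/* Hypothetical helper: NUL-terminate the body of a received message.
 * buf has capacity cap and holds `received` bytes; the body starts at
 * body_off. Returns 0 on success, -1 if the message must be rejected. */
static int terminate_body(char *buf, size_t cap, size_t received,
                          size_t body_off, const char *cl_value)
{
    size_t cl;
    if (received > cap || body_off > received) return -1;
    if (parse_content_length(cl_value, &cl) != 0) return -1;
    if (cl > received - body_off) return -1;      /* claims more than arrived */
    if (body_off + cl >= cap) return -1;          /* no room for the NUL */
    buf[body_off + cl] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample: 7 header bytes, then a 4-byte body (11 received). */
    char buf[16] = "hdr\r\n\r\nbody";
    printf("%d %d\n", terminate_body(buf, sizeof buf, 11, 7, "4"),
                      terminate_body(buf, sizeof buf, 11, 7, "4096"));
    return 0;
}
```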

Details:
