OPAL SIP Protocol Remote Denial of Service
Product: OPAL (Open Phone Abstraction Layer) is an implementation of various telephony and video communication protocols for use over packet based networks. It's based on code from the OpenH323 project and adds new features such as a stream based architecture, better support for re-use or removal of sub-components, and explicit support for additional protocols.
Scope: Remote Denial of Service
Severity: Low-Medium
Timeline:
- [2007-06-11] Vulnerability discovered
- [2007-07-09] Vendor contacted
- [2007-08-15] Patched
- [2007-09-17] New version released
- [2007-10-08] Vulnerability published
Platforms: Any
Author: Jose Miguel Esparza
Affected versions: OPAL <= 2.2.8 (also the applications which use this library, for example Ekiga <= 2.0.9)
Description: Insufficient input validation of the Content-Length field of a SIP request makes it possible to write a null byte, causing a denial of service (crash) of the application using this library.
Details:
- File: sippdu.cxx
- Function: SIP_PDU::Read(OpalTransport & transport)
- Instruction: entityBody[contentLength] = '\0';
Workaround: A patch is available, but upgrading to the new version 2.2.10 is recommended.
Proof of Concept: opal228_dos.py
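
The instruction listed under Details indexes entityBody with a length taken from the request's Content-Length field. The following C++ code is an added example, a simplified model and not OPAL's source or the vendor patch, showing that field validated against a cap and against the bytes actually received before the terminator is written. The names ParseContentLength, ReadEntityBody and kMaxBody are assumptions made for illustration.

```cpp
// Added example: simplified model of the check, not OPAL source code.
#include <cerrno>
#include <cstddef>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>

// Assumed cap on a SIP entity body; choose a limit that fits the deployment.
static const long kMaxBody = 65536;

// Accept only a plain decimal Content-Length value in [0, kMaxBody].
// The value is assumed to be already trimmed of surrounding whitespace.
bool ParseContentLength(const std::string& value, std::size_t& out) {
    if (value.empty() ||
        value.find_first_not_of("0123456789") != std::string::npos)
        return false;                       // signs, spaces, hex, other text
    errno = 0;
    long n = std::strtol(value.c_str(), NULL, 10);
    if (errno == ERANGE || n > kMaxBody)
        return false;                       // overflowed long or above the cap
    out = static_cast<std::size_t>(n);
    return true;
}

// Build the NUL-terminated body from bytes that were actually received.
bool ReadEntityBody(const std::string& contentLengthValue,
                    const std::string& received,
                    std::vector<char>& entityBody) {
    std::size_t contentLength = 0;
    if (!ParseContentLength(contentLengthValue, contentLength) ||
        contentLength > received.size())
        return false;                       // reject the PDU, do not index
    entityBody.assign(contentLength + 1, '\0');   // body plus terminator
    std::memcpy(entityBody.data(), received.data(), contentLength);
    entityBody[contentLength] = '\0';       // the advisory's statement, now in bounds
    return true;
}

int main() {
    std::vector<char> body;
    // Constructed sample input: 10-byte body with a matching header value.
    bool ok = ReadEntityBody("10", "v=0\r\no=- 0", body);
    std::printf("accepted=%d\n", ok);
    return ok ? 0 : 1;
}
```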