Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
VOIP:SIP:SDP:VERSION-OF |
|---|---|
Severity |
Minor |
Recommended |
No |
Category |
VOIP |
Keywords |
SDP Version Overflow |
Release Date |
2006/11/30 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
SIP: SDP Version Overflow
This signature detects attempts to exploit a known vulnerability in the Session Initiation Protocol (SIP) SDP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.
Extended Description
A remote buffer overflow vulnerability affects eStara Softphone. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the vulnerable application. This may facilitate unauthorized access or privilege escalation. eStara Softphone versions 3.0.1.14, and 3.0.1.46 are vulnerable to this issue; other versions may also be affected.
Affected Products
- Estara softphone 3.0.1 .14
- Estara softphone 3.0.1 .46
References
- BugTraq: 16213
- CVE: CVE-2006-0189
- URL: http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/