27122 : sipXtapi INVITE Message CSeq Field Remote Overflow
Printer | http://osvdb.org/27122 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
6	906	over 5 years ago	12 months ago	9 times	90%

Timeline

Discovery Date	Disclosure Date	Exploit Publish Date
2006-03-20	2006-07-10	2006-07-10

Time to Exploit
112 days

Keywords

ERNW Security Advisory 02-2006

Description

A remote overflow exists in SIPfoundry, Inc. siXtapi. The program fails to validate the length of the 'CSeq' field of an INVITE message resulting in a buffer overflow. With a specially crafted message, an attacker can run arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public, Exploit Commercial

Technical

SIPfoundry, Inc. sipXtapi is not distributed as a versioned package. The versions released before March 24th, 2006 are vulnerable to this issue.

Solution

Upgrade to versions released on or after 2006-03-24, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

SIPfoundry, Inc.

sipXtapi

Unknown or Unspecified

References

Security Tracker: 1016455
Bugtraq ID: 18906
Milw0rm: 2000
Exploit Database: 2000
CVE ID: 2006-3524 (see also: NVD)
Secunia Advisory ID: 20997
Metasploit ID: 27122
ISS X-Force ID: 27681
VUPEN Advisory: ADV-2006-2735
Keyword: ERNW Security Advisory 02-2006
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0109.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0495.html
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/sipxtapi_cseq
Vendor URL: http://www.sipfoundry.org/

Tools & Filters

	22092

Credit

Michael Thumann - mthumannernw.de -

CVSSv2 Score

CVSSv2 Base Score = 7.5
Source: nvd.nist.gov | Generated: 2006-07-12 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.