OSVDB ID: 41637

Title: Open Phone Abstraction Library (opal) SIP Packet Malformed Content-Length Header Field Remote DoS

Info

Disclosure

Sep 17, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 15, 2007

Description

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Solution: Patch / RCS, Upgrade
Disclosure: Vendor Verified

Solution

Upgrade to version 2.2.10 or higher, as it has been reported to fix this vulnerability. In addition, the vendor has released a patch for some older versions.

Products

Unknown or Incomplete

References

Security Tracker: 1018776
CVE ID: 2007-4924 (see also: NVD)
Bugtraq ID: 25955
Secunia Advisory ID: 27118 27128 27129 27271 27524 28380
Milw0rm: 9240
Exploit Database: 9240
VUPEN Advisory: ADV-2007-3413 ADV-2007-3414
Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
Other Advisory URL: http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html
http://www.mandriva.com/security/advisories?name=MDKSA-2007:205
http://www.s21sec.com/avisos/s21sec-037-en.txt
http://www.ubuntu.com/usn/usn-562-1
Vendor Specific News/Changelog Entry: http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20
https://bugzilla.redhat.com/show_bug.cgi?id=296371
RedHat RHSA: RHSA-2007:0957

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/41637