[VOIPSEC] Actual Attacks - UA handling
mht3 at earthlink.net
Tue Mar 1 13:20:59 GMT 2005
Just validating whether a VOIP's implementation allows for buffer overflow in a URI over a REGISTER request over UDP is possible.
Most UA should not accept a malicious request over 255 characters as the username, but some of the major player implementations do, and no configuration option to restrict how many characters a UA should accept.
More information about the Voipsec