[VOIPSEC] SIP softphone buffer overflow
Smith, Donald
Donald.Smith at qwest.com
Thu Jan 12 12:24:14 CST 2006
I have NOT tested this. I don't plan to but since this list has
discussed SIP attacks and buffer overflows I though this would be of
interest.
----------------------------------------------------------------------
FrSIRT / Exploits and Codes
----------------------------------------------------------------------
French Security Incident Response Team 24x7
----------------------------------------------------------------------
- 12 January 2006 -
----------------------------------------------------------------------
- eStara SoftPhone SIP Packets Handling Remote Buffer Overflow Exploit
Advisory ID : FrSIRT/ADV-2006-0167
Rated as : Critical
Port : 5060/UDP
http://www.frsirt.com/exploits/20060112.sip_overflow_exploit.c.php
----------------------------------------------------------------------
Copyright (c) 2002-2006 - FrSIRT.COM
----------------------------------------------------------------------
"Pampers use multiple layers of protection to prevent leakage. Rommel
used defense in depth to defend European fortresses." (Andrew White)
Donald.Smith at qwest.com giac
More information about the Voipsec
mailing list