[VOIPSEC] [VOIPSEC eStara softphone buffer overflow & Cisco IP Phone 7940 DoS
Eric Xu
Eric.Xu at telus.com
Fri Jan 13 11:37:04 CST 2006
Forgive me: I changed the email "Subject" to make this discussion more specific to these two problems. ;)
There is another source about the eStara vulnerability mentioned in Smith's email post:
See: http://www.milw0rm.com/
2006-01-12 eStara Softphone <= 3.0.1.46 (SIP) Remote Buffer Overflow Exploit
2006-01-12 eStara Softphone <= 3.0.1.46 (SIP) Remote Buffer Overflow Exploit
Well, I am more interested in this one: http://www.milw0rm.com/id.php?id=1411
2006-01-10 Cisco IP Phone 7940 (Reboot) Denial of Service Exploit
Any other clues or comments from members here?
Cheers/Eric
-----Original Message-----
From: Smith, Donald [mailto:Donald.Smith at qwest.com]
Sent: Thursday, January 12, 2006 10:24 AM
To: voipsec at voipsa.org
Subject: [VOIPSEC] SIP softphone buffer overflow
I have NOT tested this. I don't plan to, but since this list has discussed SIP attacks and buffer overflows, I thought this would be of interest.
----------------------------------------------------------------------
FrSIRT / Exploits and Codes
----------------------------------------------------------------------
French Security Incident Response Team 24x7
----------------------------------------------------------------------
- 12 January 2006 -
----------------------------------------------------------------------
- eStara SoftPhone SIP Packets Handling Remote Buffer Overflow Exploit
Advisory ID : FrSIRT/ADV-2006-0167
Rated as : Critical
Port : 5060/UDP
http://www.frsirt.com/exploits/20060112.sip_overflow_exploit.c.php
----------------------------------------------------------------------
Copyright (c) 2002-2006 - FrSIRT.COM
----------------------------------------------------------------------
"Pampers use multiple layers of protection to prevent leakage. Rommel used defense in depth to defend European fortresses." (Andrew White) Donald.Smith at qwest.com giac