CVE - CVE-2007-4924

CVE-ID
CVE-2007-4924	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20071011 S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service URL:http://www.securityfocus.com/archive/1/482120/30/4500/threaded EXPLOIT-DB:9240 URL:https://www.exploit-db.com/exploits/9240 MLIST:[ekiga-list] 20070917 [ANNOUNCE] Ekiga 2.0.10 released URL:http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html MISC:http://www.s21sec.com/avisos/s21sec-037-en.txt CONFIRM:http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=296371 MANDRIVA:MDKSA-2007:205 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2007:205 REDHAT:RHSA-2007:0957 URL:http://www.redhat.com/support/errata/RHSA-2007-0957.html SUSE:SUSE-SR:2007:021 URL:http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html UBUNTU:USN-562-1 URL:http://www.ubuntu.com/usn/usn-562-1 BID:25955 URL:http://www.securityfocus.com/bid/25955 OVAL:oval:org.mitre.oval:def:11398 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398 VUPEN:ADV-2007-3413 URL:http://www.vupen.com/english/advisories/2007/3413 VUPEN:ADV-2007-3414 URL:http://www.vupen.com/english/advisories/2007/3414 OSVDB:41637 URL:http://osvdb.org/41637 SECTRACK:1018776 URL:http://www.securitytracker.com/id?1018776 SECUNIA:27118 URL:http://secunia.com/advisories/27118 SECUNIA:27128 URL:http://secunia.com/advisories/27128 SECUNIA:27129 URL:http://secunia.com/advisories/27129 SECUNIA:27271 URL:http://secunia.com/advisories/27271 SECUNIA:27524 URL:http://secunia.com/advisories/27524 SECUNIA:28380 URL:http://secunia.com/advisories/28380
Assigning CNA
N/A
Date Entry Created
20070917	Disclaimer: The entry creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20070917)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org