Remote Heap Corruption Vulnerability in Interaction SIP Proxy

2005.12.22
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Hat-Squad Advisory: Remote Heap Corruption Vulnerability in Interaction SIP Proxy Product: Interaction SIP Proxy Vendor: Interactive Intelligence Inc. (http://www.inin.com) Systems Affected: Vonexus Enterprise Interaction Center Interaction SipProxy 3.0.010 Release Date: 12/21/2005 Vendor Status: Informed on 12/11/2005 Initial response on 12/12/2005 Patch released on 12/18/2005 Overview: Interaction SIP Proxy is Microsoft Windows-based software that provides basic SIP proxy and registrar functionality as defined in the IETF SIP-oriented RFC 3261. The Interaction SIP Proxy routes incoming SIP messages based on configurable dial plan and server plans, with simplified administration via Web interface. Problem: Hat-Squad security team has discovered a remote heap overflow in Interaction SIP Proxy. The vulnerability allows a remote attacker to overwrite heap memory and cause a a severe denial-of-service condition on system. Exploitation of this vulnerability for code execution requires a magic sequence of pre-allocations, data and size. Technical Details: The code in i3sipmsg.dll is responsible for handling SIP requests. The vulnerability is triggered by sending 2900 bytes of space (0x20) or TAB (0x9) characters as SIP version in a REGISTER request line. This will cause a heap overflow in SIPParser function. A Proof of concept for this vulnerability is available at http://www.hat-squad.com/i3sip.html Credits: This Vulnerability has been Discovered By Behrang Fouladi (behrang hat-squad com) Greetings: Persia, Hamid, Hesam geek, Nima, Brett Moore, class101 and Babak


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top