Ekiga Denial of Service

2007.09.17
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-399


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

############################################################## - S21Sec Advisory - ############################################################## Title: Ekiga Denial of Service ID: S21SEC-036-en Severity: Medium - Remote DoS History: 14.May.2007 Vulnerability discovered 09.Jul.2007 Vendor contacted Scope: Application Denial of Service Platforms: Any Author: Jose Miguel Esparza (jesparza@s21sec.com) URL: http://www.s21sec.com/avisos/s21sec-036-en.txt Release: Public [ SUMMARY ] Ekiga (formely known as GnomeMeeting) is an open source VoIP and video conferencing application for GNOME. Ekiga uses both the H.323 and SIP protocols. It supports many audio and video codecs, and is interoperable with other SIP compliant software and also with Microsoft NetMeeting. [ AFFECTED VERSIONS ] Following versions are affected with this issue: - Ekiga 2.0.7 and prior. [ DESCRIPTION ] Due to a bad management of memory allocation for the input data it's possible to crash the application causing a denial of service. [ WORKAROUND ] Upgrade to 2.0.9 version is recommended to resolve this problem. If not possible, some additional input data check will be necessary in the SIPURL::GetHostAddress() function. [ ACKNOWLEDGMENTS ] This vulnerability have been found and researched by: - Jose Miguel Esparza <jesparza@s21sec.com> S21Sec [ ADDITIONAL INFORMATION ] This vulnerability has been discovered thanks to the network fuzzer Malybuzz available in the url http://malybuzz.sourceforge.net/. [ REFERENCES ] * Ekiga http://ekiga.org * S21Sec http://www.s21sec.com * Malybuzz http://malybuzz.sourceforge.net/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top