Nortel UNIStim IP Softphone Buffer-Overflow

2007.10.23
Risk: High
Local: Yes
Remote: Yes
CWE: CWE-119


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

############################################################# # # COMPASS SECURITY ADVISORY http://www.csnc.ch/ # ############################################################# # # Product: IP Softphone # Vendor: Nortel # Subject: UNIStim IP Softphone Buffer-Overflow # Risk: High # Effect: Currently not exploitable # Author: Cyrill Brunschwiler (cyrill.brunschwiler (at) csnc (dot) ch # Date: October, 18th 2007 # ############################################################# Introduction: ------------- Flooding an UNIStim IP Softphone on the RTCP Port with garbage immediately results in a Microsoft Windows error message which is mostly caused by memory corruption (buffer overflow). This vulnerability may be exploitable to gain user privileges on the client workstation and execute malicious commands or code. Nortel has noted this as: Title: UNIStim IP Softphone - Potential Vulnerability Due to Buffer Overflow Number: 2007008382 http://support.nortel.com/go/main.jsp?cscat=SECUREADVISORY Vulnerable: ----------- IP Softphone 2050 Vulnerability Management: ------------------------- June 2007: Vulnerability found June 2007: Nortel Security notified October 2007: Nortel Advisory available October 2007: Compass Security Information Remediation: ------------ According to Nortel the vulnerability is still under investigation. The Nortel advisory will be reissued if the investigation results in new prevention information. Reference: http://www.csnc.ch/static/advisory/secadvisorylist.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top