No idea whether anyone here uses this softphone (I hadn't even heard of it), but in any case a report just came in over bugtraq that there is a security hole caused by a buffer overflow.
"eStara Softphone is a SIP softphone. There exists a buffer overflow vulnerability in the SIP stack when a SIP packet carries SDP data and the data length of the attribute field ("a") is larger than 4021 bytes.
By exploiting this buffer overflow, an attacker can potentially gain control of the return address of the executing function, allowing arbitrary code execution with the logged-on user's privileges.
eStara Softphone 3.0.1.14 and 3.0.1.46 (latest) are vulnerable. Other versions may also be affected."
http://www.estara.com/softphone
Regards,
Tin
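
A check a SIP proxy or monitoring script could apply for the condition the advisory describes, as an added example that is not part of the original post or the advisory. It assumes the 4021-byte figure is measured on the data after "a="; the function names, addresses and sample messages are constructed for illustration.

```python
"""Flag SIP messages whose SDP body has an oversized attribute ("a=") line."""

# From the advisory quoted above: attribute data larger than 4021 bytes.
# Assumption: the length is measured on the data after "a=".
MAX_ATTR_BYTES = 4021


def split_sip_message(raw: bytes):
    """Return (header dict with lower-cased names, body bytes)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request/status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def oversized_sdp_attributes(raw: bytes, limit: int = MAX_ATTR_BYTES):
    """Return [(sdp_line_no, attribute_name, data_length)] for a= lines over limit."""
    headers, body = split_sip_message(raw)
    # "c" is the compact form of the Content-Type header in SIP.
    ctype = headers.get(b"content-type", headers.get(b"c", b""))
    if not ctype.lower().startswith(b"application/sdp"):
        return []
    findings = []
    for line_no, line in enumerate(body.splitlines(), 1):
        if line.startswith(b"a=") and len(line) - 2 > limit:
            # Truncate the reported name so a log entry stays short.
            name = line[2:].split(b":", 1)[0][:32].decode("ascii", "replace")
            findings.append((line_no, name, len(line) - 2))
    return findings


def build_invite(attr_data: bytes) -> bytes:
    """Constructed sample INVITE (hypothetical addresses) with one a= line."""
    body = (b"v=0\r\no=- 0 0 IN IP4 192.0.2.10\r\ns=-\r\n"
            b"c=IN IP4 192.0.2.10\r\nt=0 0\r\n"
            b"m=audio 49170 RTP/AVP 0\r\na=" + attr_data + b"\r\n")
    head = (b"INVITE sip:bob@example.invalid SIP/2.0\r\n"
            b"Content-Type: application/sdp\r\n"
            b"Content-Length: " + str(len(body)).encode() + b"\r\n")
    return head + b"\r\n" + body


if __name__ == "__main__":
    normal = build_invite(b"rtpmap:0 PCMU/8000")
    oversized = build_invite(b"x" * (MAX_ATTR_BYTES + 1))
    print(oversized_sdp_attributes(normal))
    print(oversized_sdp_attributes(oversized))
```

Messages that return a non-empty list can be dropped or logged before they reach a client running one of the affected versions.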