lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <000501c5f9c4$fefbfac0$6608a8c0@7B15E5403E9>
Date: Mon, 5 Dec 2005 12:54:52 -0500
From: "SecurityLab Research" <SLAB_research@...uritylab.net>
To: <bugtraq@...urityfocus.com>, <Voipsec@...psa.org>,
	<full-disclosure@...ts.grok.org.uk>
Subject: Buffer Overflow in MultiTech VoIP Implementations


			SecurityLab Technologies, Inc.
			--- www.securitylab.net ---

 Security Advisory
 Advisory Name: Buffer Overflow in MultiTech VoIP Implementations
  Release Date: December 05, 2005
   Application: MultiVoIP Gateway
	Platform: Multiple
	Severity: Moderate
	  Author: Ejovi Nuwere <SLAB_research[AT]securitylab.net>
 Vendor Status: Patched in Version x.08
     Reference: http://www.securitylab.net/research/


Overview:
The MultiVOIP voice over IP gateway provides toll-free voice and fax
communications over the Internet or Intranet. Occasionally MultiTech
develops and licenses their VoIP Gateways and VoIP related stacks for
inclusion in third party platforms. Therefore, this bug may affect
products outside of the MultiTech line.

SecurityLab technologies has discovered a remote buffer overflow in
MultiTech's MultiVOIP product line that may lead to remote code 
execution.

Details:
The buffer overflow occurs in the SIP packet INVITE field with a
string greater than 60 characters. Testing was performed on an
embedded device with limited debug environment. Source code was not
avaible for further analysys.

Vendor Response:
Patched. Version x.08

Recommendation:
Contact vendor for current release.

Site of the day:
InfoSecDaily http://www.infosecdaily.net
security news for security professionals

Copyright 2005 SecurityLab Technologies, Inc. You may distribute freely
without modification.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ