lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20051221090829.17921.qmail@securityfocus.com>
Date: 21 Dec 2005 09:08:29 -0000
From: service@...-squad.com
To: bugtraq@...urityfocus.com
Subject: [Hat-Squad] Remote Heap Corruption Vulnerability in Interaction
 SIP Proxy


Hat-Squad Advisory: Remote Heap Corruption Vulnerability in Interaction SIP Proxy

Product: Interaction SIP Proxy
Vendor: Interactive Intelligence Inc. (http://www.inin.com)

Systems Affected: 

Vonexus Enterprise Interaction Center
Interaction SipProxy 3.0.010

Release Date: 12/21/2005

Vendor Status: 

Informed on 12/11/2005 
Initial response on 12/12/2005
Patch released on 12/18/2005

Overview:

Interaction SIP Proxy is Microsoft Windows-based software that provides basic SIP proxy and registrar functionality as defined in the IETF SIP-oriented RFC 3261. The Interaction SIP Proxy routes incoming SIP messages based on configurable dial plan and server plans, with simplified administration via Web interface.

Problem:

Hat-Squad security team has discovered a remote heap overflow in Interaction SIP Proxy. The vulnerability allows a remote attacker to overwrite heap memory and cause a a severe denial-of-service condition on system. Exploitation of this vulnerability for code execution requires a magic sequence of pre-allocations, data and size.

Technical Details:

The code in i3sipmsg.dll is responsible for handling SIP requests. The vulnerability is triggered by sending 2900 bytes of space (0x20) or TAB (0x9) characters as SIP version in a REGISTER request line. This will cause a heap overflow in SIPParser function.

A Proof of concept for this vulnerability is available at http://www.hat-squad.com/i3sip.html


Credits:

This Vulnerability has been Discovered By Behrang Fouladi (behrang hat-squad com)

Greetings:

Persia, Hamid, Hesam geek, Nima, Brett Moore, class101 and Babak

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ