sipXtapi Cseq header buffer overflow

Added: 07/17/2006
CVE: CVE-2006-3524
BID: 18906
OSVDB: 27122

Background

The Session Initiation Protocol (SIP) is a signaling protocol for a variety of uses, including instant messanging and Voice over Internet Protocol. sipXtapi is a client library for SIP-based user agents. It is included in Pingtel and AIM Triton products.

Problem

sipXtapi versions built prior to March 24, 2006 are affected by a buffer overflow vulnerability when processing long CSeq headers. This vulnerability could allow a remote attacker to execute arbitrary commands.

Resolution

A patch is available within the sipXtapi source tree. Compile from the latest sources or install the latest version of Pingtel or AIM Triton products.

References

http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0160.html

Limitations

Exploit works on sipXtapi versions WIN32_2006-02-01b and WIN32_2006-03-10.

Platforms

Windows

Back to exploit index