SIP: SIP Foundry sipXtapi Overflow

This signature detects attempts to exploit a known vulnerability in the sipXtapi library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service utilizing the library.

Extended Description

The sipXtapi product is reported to be prone to a remote buffer-overflow vulnerability. This issue presents itself when the application handles a specially crafted 'CSeq' value. A successful attack may lead to unauthorized remote access in the context of a user running an affected application that uses the vulnerable library. Reports indicate that sipXtapi versions that were released prior to March 24, 2006 are vulnerable to this issue. Certain PingTel products and versions of AOL Triton may be affected because they employ the vulnerable library.

Affected Products

Sipfoundry sipxtapi

References

BugTraq: 18906

CVE: CVE-2006-3524

URL: http://www.juniper.net/security/auto/vulnerabilities/vuln3431.html http://www.securityfocus.com/archive/1/439617 http://www.securiteam.com/securitynews/5HP0420JFU.html

Short Name

VOIP:SIP:OVERFLOW:SIPXTAPI-OF

Severity

Major

Recommended

False

Recommended Action

Drop Packet

SIP: SIP Foundry sipXtapi Overflow

Extended Description

Affected Products

References

Found a potential security threat?