SIP: SDP Version Overflow
This signature detects attempts to exploit a known vulnerability in the Session Initiation Protocol (SIP) SDP. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service.
Extended Description
A remote buffer overflow vulnerability affects eStara Softphone. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers. An attacker may exploit this issue to execute arbitrary code with the privileges of the vulnerable application. This may facilitate unauthorized access or privilege escalation. eStara Softphone versions 3.0.1.14, and 3.0.1.46 are vulnerable to this issue; other versions may also be affected.
Affected Products
Estara softphone
References
BugTraq: 16213
CVE: CVE-2006-0189
URL: http://www.ee.oulu.fi/research/ouspg/protos/testing/c07/sip/
Short Name
VOIP:SIP:SDP:VERSION-OF
Severity
Minor
Recommended
False
Recommended Action
None
Category
VOIP
Keywords
CVE-2006-0189 Overflow SDP Version bid:16213
Release Date
11/30/2006
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Estara
CVSS Score
7.5