Ekiga < 4.0.1 ptlib XML Expansion Recursion DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The version of Ekiga installed on the remote host may be affected by a
denial of service vulnerability.

Description :

According to the version in its SIP banner, the installed version of
Ekiga on the remote host is earlier than 4.0.1 and thus contains a
version of the ptlib library that fails to conduct proper length checks
during XML expansion. A remote, unauthenticated attacker could exploit
this issue to consume extreme amounts of CPU and memory through the use
of a specially crafted XML document.
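A version-triage check of the kind this plugin performs, added here as an illustration rather than Tenable's own plugin code: it extracts the Ekiga version from a SIP User-Agent or Server header and flags anything earlier than 4.0.1. The "Ekiga/<version>" banner format and the sample headers are assumptions constructed for the example.

```python
import re
from typing import Dict, List, Optional, Tuple

FIXED_VERSION = (4, 0, 1)  # Ekiga 4.0.1 ships the corrected ptlib

# Constructed sample SIP response headers (not captured traffic); the
# "Ekiga/<version>" banner layout is an assumption for this example.
SAMPLE_HEADERS = [
    "User-Agent: Ekiga/4.0.0",
    "User-Agent: Ekiga/3.2.7",
    "User-Agent: Ekiga/4.0.1",
    "User-Agent: Ekiga/4.1",
    "Server: SomeOtherPBX 11.2.1",  # not Ekiga, should be skipped
]

_BANNER_RE = re.compile(
    r"^(?:User-Agent|Server):\s*Ekiga/(\d+(?:\.\d+)*)", re.IGNORECASE
)


def parse_ekiga_version(header: str) -> Optional[Tuple[int, ...]]:
    """Return the Ekiga version as an int tuple, or None if the header is not an Ekiga banner."""
    m = _BANNER_RE.match(header.strip())
    if not m:
        return None
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the version sorts before 4.0.1; short versions are zero-padded so 4.0 < 4.0.1."""
    width = max(len(version), len(FIXED_VERSION))
    padded = version + (0,) * (width - len(version))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return padded < fixed


def triage(headers: List[str]) -> Dict[str, bool]:
    """Map each Ekiga banner to True (affected) or False (fixed); other banners are dropped."""
    findings: Dict[str, bool] = {}
    for header in headers:
        version = parse_ekiga_version(header)
        if version is not None:
            findings[header] = is_vulnerable(version)
    return findings


if __name__ == "__main__":
    for header, affected in triage(SAMPLE_HEADERS).items():
        print(f"{header}: {'upgrade to 4.0.1 or later' if affected else 'not affected'}")
```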

See also :

http://git.gnome.org/browse/ekiga/tree/NEWS?id=EKIGA_4_0_1
http://www.ekiga.org/news/2013-02-21/ekiga-4.0.1-stable-available

Solution :

Upgrade to Ekiga 4.0.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.2
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 66033

Bugtraq ID: 58520

CVE ID: CVE-2013-1864