Ekiga < 4.0.1 ptlib XML Expansion Recursion DoS

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The version of Ekiga installed on the remote host may be affected by a
denial of service vulnerability.

Description :

According to the version in its SIP banner, the installed version of
Ekiga on the remote host is earlier than 4.0.1 and thus contains a
version of the ptlib library that fails to conduct proper length checks
during XML expansion. A remote, unauthenticated attacker could exploit
this issue to consume extreme amounts of CPU and memory through the use
of a specially crafted XML document.

Solution :

Upgrade to Ekiga 4.0.1 or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.2
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 66033

Bugtraq ID: 58520

CVE ID: CVE-2013-1864