sipXtapi INVITE Message CSeq Field Header Remote Overflow

high Nessus Plugin ID 22092

Synopsis

The remote host contains an application that is vulnerable to a remote buffer overflow attack.

Description

The remote host is running a SIP user agent that appears to be compiled using a version of SIP Foundry's SipXtapi library before March 24, 2006. Such versions contain a buffer overflow flaw that is triggered when processing a specially crafted packet with a long value for the 'CSeq' field. A remote attacker may be able to exploit this issue to execute arbitrary code on the affected host subject to the privileges of the current user.
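A defensive check for the condition described above, as an added example (not code from the Nessus plugin or from the sipXtapi library): it validates the CSeq header of a SIP message against the RFC 3261 grammar and sequence-number limit, the kind of test a SIP proxy or log pipeline can apply in front of a user agent that cannot be upgraded yet. The function names, the 64-byte `MAX_VALUE_LEN` cap and the sample messages are assumptions made for this example.

```python
import re

MAX_SEQ = 2**31 - 1   # RFC 3261 section 8.1.1.5: sequence number must be < 2**31
MAX_VALUE_LEN = 64    # assumed local policy cap on the whole CSeq value, in bytes
CSEQ_RE = re.compile(rb"(\d+)[ \t]+([A-Za-z0-9.!%*_+`'~-]+)")


def cseq_values(message: bytes) -> list[bytes]:
    """Return the raw value of every CSeq header in the header section."""
    # Keep only the header section, then unfold continuation lines.
    head = re.sub(rb"\r\n[ \t]+", b" ", message.split(b"\r\n\r\n", 1)[0])
    values = []
    for line in head.split(b"\r\n")[1:]:       # skip the start line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"cseq":
            values.append(value.strip())
    return values


def check_cseq(message: bytes) -> list[str]:
    """Return findings for the CSeq header; an empty list means well formed."""
    values = cseq_values(message)
    if len(values) != 1:
        return [f"expected exactly one CSeq header, found {len(values)}"]
    value, findings = values[0], []
    if len(value) > MAX_VALUE_LEN:
        findings.append(f"CSeq value is {len(value)} bytes, cap is {MAX_VALUE_LEN}")
    m = CSEQ_RE.fullmatch(value)
    if m is None:
        return findings + ["CSeq does not match '1*DIGIT LWS Method'"]
    digits = m.group(1).lstrip(b"0") or b"0"
    # Compare digit count first so an enormous number is never converted.
    if len(digits) > 10 or int(digits) > MAX_SEQ:
        findings.append("CSeq sequence number is not below 2**31")
    start_token = message.split(b" ", 1)[0]
    if not start_token.startswith(b"SIP/") and m.group(2) != start_token:
        findings.append("CSeq method differs from the request-line method")
    return findings


def invite(cseq: bytes) -> bytes:
    """Build a constructed, minimal INVITE for testing (not captured traffic)."""
    return (b"INVITE sip:bob@example.test SIP/2.0\r\n"
            b"Call-ID: constructed-1@example.test\r\n"
            b"CSeq: " + cseq + b"\r\n\r\n")


if __name__ == "__main__":
    for value in (b"314159 INVITE", b"9" * 200 + b" INVITE"):
        print(check_cseq(invite(value)) or "ok")
```

A non-empty result is a reason to drop or log the message before it reaches the user agent; it does not establish that the receiving host is vulnerable.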

Solution

Contact the software vendor to see if an upgrade is available.

See Also

https://www.securityfocus.com/archive/1/439617/30/0/threaded

https://seclists.org/fulldisclosure/2006/Jul/161

Plugin Details

Severity: High

ID: 22092

File Name: sipxtapi_cseq_overflow.nasl

Version: 1.25

Type: remote

Family: Misc.

Published: 7/25/2006

Updated: 3/6/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 7/10/2006

Exploitable With

Metasploit (SIPfoundry sipXphone 2.6.0.27 CSeq Buffer Overflow)

Reference Information

CVE: CVE-2006-3524

BID: 18906