Ekiga < 4.0.1 ptlib XML Expansion Recursion DoS
Severity: Medium
Nessus Plugin ID: 66033
Synopsis: The version of Ekiga installed on the remote host may be affected by a denial of service vulnerability.
Description: According to the version in its SIP banner, the installed version of Ekiga on the remote host is earlier than 4.0.1 and thus contains a version of the ptlib library that fails to conduct proper length checks during XML expansion. A remote, unauthenticated attacker could exploit this issue to consume extreme amounts of CPU and memory through the use of a specially crafted XML document.
Solution: Upgrade to Ekiga 4.0.1 or later.