AGEphone Buffer Overflow in 'sipd.dll' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1016577
SecurityTracker URL: http://securitytracker.com/id?1016577
CVE Reference: CVE-2006-4029
Updated: Jun 13 2008
Original Entry Date: Jul 26 2006
Impact: Execution of arbitrary code via network, User access via network
Version(s): Tested on 1.24 and 1.38.1
Description: Tan Chew Keong reported a vulnerability in AGEphone. A remote user can execute arbitrary code on the target system.
A remote user can send a specially crafted SIP packet via UDP to trigger a buffer overflow in 'sipd.dll' and execute arbitrary code on the target system. The code will run with the privileges of the target service.
The original report is available at:
http://vuln.sg/agephone1381-en.html
Impact: A remote user can execute arbitrary code on the target system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.ageet.com/us/agephone/index.htm
Cause: Boundary error
Underlying OS: Windows (Any)
Reported By: TAN Chew Keong <vulnpost-remove@vuln.sg>
Message History:
None.
Source Message Contents
Date: Tue, 25 Jul 2006 10:46:48 +0800
From: TAN Chew Keong <vulnpost-remove@vuln.sg>
Subject: [vuln.sg] AGEphone
[vuln.sg] Vulnerability Research Advisory

AGEphone "sipd.dll" SIP Packet Handling Buffer Overflow

by Tan Chew Keong
Release Date: 2006-07-25

Summary
-------
A vulnerability has been found in AGEphone. When exploited, the
vulnerability allows execution of arbitrary code with privileges of the
AGEphone user via a single specially-crafted UDP SIP packet.

Tested Versions
---------------
AGEphone for Windows version 1.24 and 1.38.1

Details
-------
http://vuln.sg/agephone1381-en.html