SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (VoIP)  >   Ekiga (GnomeMeeting) Vendors:   gnomemeeting.org
Ekiga SIPURL::GetHostAddress() Memory Corruption Bug Lets Remote Users Deny Service
SecurityTracker Alert ID:  1018683
SecurityTracker URL:  http://securitytracker.com/id/1018683
CVE Reference:   CVE-2007-4897   (Links to External Site)
Updated:  Oct 8 2007
Original Entry Date:  Sep 12 2007
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0.5 and prior versions
Description:   A vulnerability was reported in Ekiga (GnomeMeeting). A remote user can cause denial of service conditions.

A remote user can send a specially crafted SIP URL to cause the target service to crash.

The vulnerability resides in the SIPURL::GetHostAddress() function.

The vendor was notified on July 9, 2007.

The original advisory is available at:

http://www.s21sec.com/avisos/s21sec-036-en.txt

Jose Miguel Esparza of S21Sec reported this vulnerability.
Impact:   A remote user can cause denial of service conditions.
Solution:   The report indicates that version 2.0.7 is not affected.
Vendor URL:  www.ekiga.org/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Oct 8 2007 (Red Hat Issues Fix for PWLib) Ekiga SIPURL::GetHostAddress() Memory Corruption Bug Lets Remote Users Deny Service
Red Hat has released a fix for PWLib on Red Hat Enterprise Linux 5.


 Source Message Contents
Subject:  [Full-disclosure] S21SEC-036-EN Ekiga <= 2.0.5 Denial of service

##############################################################
                      - S21Sec Advisory -
##############################################################

     Title:		Ekiga Denial of Service
        ID:		S21SEC-036-en
  Severity:	Medium - Remote DoS
   History:		14.May.2007 Vulnerability discovered
			09.Jul.2007 Vendor contacted

     Scope:	Application Denial of Service
Platforms:	Any
    Author:	Jose Miguel Esparza (jesparza@s21sec.com)
       URL:		http://www.s21sec.com/avisos/s21sec-036-en.txt
   Release:	Public


[ SUMMARY ]

Ekiga (formely known as GnomeMeeting) is an open source VoIP and  
video conferencing application for
GNOME. Ekiga uses both the H.323 and SIP protocols. It supports many  
audio and video codecs, and is
interoperable with other SIP compliant software and also with  
Microsoft NetMeeting.


[ AFFECTED VERSIONS ]

Following versions are affected with this issue:
	- Ekiga 2.0.5 and prior.


[ DESCRIPTION ]

Due to a bad management of memory allocation for the input data it's  
possible to crash the application
causing a denial of service.


[ WORKAROUND ]

Upgrade to 2.0.7 or 2.0.9 versions is recommended to resolve this  
problem. If not possible, some
additional input data check will be necessary in the  
SIPURL::GetHostAddress() function.


[ ACKNOWLEDGMENTS ]

This vulnerability have been found and researched by:
	- Jose Miguel Esparza <jesparza@s21sec.com> S21Sec


[ ADDITIONAL INFORMATION ]

This vulnerability has been discovered thanks to the network fuzzer  
Malybuzz disponible in the url
http://malybuzz.sourceforge.net/.


[ REFERENCES ]

* Ekiga
   http://ekiga.org

* S21Sec
   http://www.s21sec.com

* S21sec Blog
   http://blog.s21sec.com

* Malybuzz
   http://www.s21sec.com/malybuzz/malybuzz.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC