Español | English
rss facebook linkedin Twitter

S21SEC-036-EN Ekiga Remote Denial of Service

Title: Ekiga Denial of Service
ID: S21SEC-036-en
Severity: Medium - Remote DoS
History: 14.May.2007 Vulnerability discovered
09.Jul.2007 Vendor contacted

Scope: Application Denial of Service
Platforms: Any
Author: Jose Miguel Esparza
URL: http://www.s21sec.com/avisos/s21sec-036-en.txt
Release: Public

[ SUMMARY ]

Ekiga (formely known as GnomeMeeting) is an open source VoIP and video conferencing application for GNOME. Ekiga uses both the H.323 and SIP protocols. It supports many audio and video codecs, and is interoperable with other SIP compliant software and also with Microsoft NetMeeting.


[ AFFECTED VERSIONS ]

Following versions are affected with this issue:
- Ekiga 2.0.7 and prior.


[ DESCRIPTION ]

Due to a bad management of memory allocation for the input data it's possible to crash the application causing a denial of service.


[ WORKAROUND ]

Upgrade to 2.0.9 version is recommended to resolve this problem. If not possible, some additional input data check will be necessary in the SIPURL::GetHostAddress() function


[ ACKNOWLEDGMENTS ]

This vulnerability have been found and researched by:
- Jose Miguel Esparza S21Sec


[ ADDITIONAL INFORMATION ]

This vulnerability has been discovered thanks to the network fuzzer Malybuzz available in the url http://www.s21sec.com/malybuzz/malybuzz.html


[ REFERENCES ]

* Ekiga
http://ekiga.org
* S21Sec
http://www.s21sec.com
* Malybuzz
http://malybuzz.eternal-todo.com

(+34 902 222 521)


24 horas / 7 días a la semana



© Copyright S21sec 2013 - Todos los derechos reservados


login