PublicDate: 2007-10-08 21:17:00 UTC
Candidate: CVE-2007-4924
References:
 http://rhn.redhat.com/errata/RHSA-2007-0957.html
 https://ubuntu.com/security/notices/USN-562-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4924
Description:
 The Open Phone Abstraction Library (opal), as used by (1) Ekiga before
 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a
 denial of service (crash) via an invalid Content-Length header field in
 Session Initiation Protocol (SIP) packets, which causes a \0 byte to be
 written to an "attacker-controlled address."
Ubuntu-Description:
Notes:
 jdstrand> openh323 as included in Ubuntu doesn't contain the vulnerable files
Bugs:
Priority: low
Discovered-by:
Assigned-to: kees
CVSS:

upstream_opal: released (2.2.11)
dapper_opal: released (2.2.1-1ubuntu1.1)
edgy_opal: released (2.2.3.dfsg-0ubuntu2.1)
feisty_opal: released (2.2.3.dfsg-2ubuntu2.1)
gutsy_opal: not-affected
devel_opal: not-affected

upstream_openh323: released (2.2.4)
dapper_openh323: not-affected
edgy_openh323: not-affected
feisty_openh323: not-affected
gutsy_openh323: not-affected
devel_openh323: not-affected