CVE-2007-4924
Published: 8 October 2007
The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."
Notes
Author | Note |
---|---|
jdstrand | openh323 as included in Ubuntu doesn't contain the vulnerable files |
Priority
Status
Package | Release | Status |
---|---|---|
opal Launchpad, Ubuntu, Debian | upstream | Released (2.2.11) |
opal | dapper | Released (2.2.1-1ubuntu1.1) |
opal | edgy | Released (2.2.3.dfsg-0ubuntu2.1) |
opal | feisty | Released (2.2.3.dfsg-2ubuntu2.1) |
opal | gutsy | Not vulnerable |
openh323 Launchpad, Ubuntu, Debian | upstream | Released (2.2.4) |
openh323 | dapper | Not vulnerable |
openh323 | edgy | Not vulnerable |
openh323 | feisty | Not vulnerable |
openh323 | gutsy | Not vulnerable |