Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2007-4924

Published: 8 October 2007

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

Notes

AuthorNote
jdstrand
openh323 as included in Ubuntu doesn't contain the vulnerable files

Priority

Low

Status

Package Release Status
opal
Launchpad, Ubuntu, Debian
upstream
Released (2.2.11)
dapper
Released (2.2.1-1ubuntu1.1)
edgy
Released (2.2.3.dfsg-0ubuntu2.1)
feisty
Released (2.2.3.dfsg-2ubuntu2.1)
gutsy Not vulnerable

openh323
Launchpad, Ubuntu, Debian
upstream
Released (2.2.4)
dapper Not vulnerable

edgy Not vulnerable

feisty Not vulnerable

gutsy Not vulnerable