OpenSER 1.1.0 parse_config buffer overflow vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenSER 1.1.0 parse_config buffer overflow vulnerability

Subject: OpenSER 1.1.0 parse_config buffer overflow vulnerability
Date: 20 Dec 2006 23:32:48 -0000
From: suppressed

Function of a prototype:
static int parse_expression(char *str, expression **e, expression **e_exceptions) 

in OpenSER 1.1.0 (SIP router implementation) is vulnerable to buffer overflow as /str/ might be longer than the destination (where it is coppied to).

Prev by Date: [OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby)
Next by Date: PWDumpX updated (includes CacheDump functionality)
Previous by thread: [OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby)
Next by thread: PWDumpX updated (includes CacheDump functionality)
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.