Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-30] Kiax: Arbitrary code execution Vulnerability Scan
Vulnerability Scan Summary
Kiax: Arbitrary code execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-30
(Kiax: Arbitrary code execution)
The iax_net_read function in the iaxclient library fails to properly
handle IAX2 packets with truncated full frames or mini-frames. These
frames are detected in a length check but processed anyway, leading to
By sending a specially crafted IAX2 packet, an attacker could execute
arbitrary code with the permissions of the user running Kiax.
There is no known workaround at this time.
All Kiax users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/kiax-0.8.5_p1"
Threat Level: Medium