|
Family: Misc. --> Category: infos
eStara SoftPhone SDP Data Attribute Buffer Overflow Vulnerability Vulnerability Scan
Vulnerability Scan Summary Checks version number of eStara SoftPhone
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote SIP client is prone to a buffer overflow vulnerability.
Description :
The version of SoftPhone installed on the remote host reportedly fails
to properly handle SIP packets with long 'a=' lines in the SDP data.
An unauthenticated remote attacker may be able to exploit this flaw to
overflow a buffer and execute arbitrary code on the remote host.
See also :
http://www.securityfocus.com/archive/1/archive/1/421596/100/0/threaded
Solution :
Upgrade to eStara SoftPhone version 3.0.1.47 or later.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/A:P/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|