Red Hat Bugzilla – Bug 152672
PWLib: Carefully crafted messages can cause a Denial of Service on a application.
Last modified: 2008-05-01 11:38:06 EDT
A test suite for the H.225 protocol (part of the H.323 family) provided by
the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker
could trigger these bugs by sending carefully crafted messages to an
application. The effects of such an attack can vary depending on the
application, but would usually result in a Denial of Service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0097 to this issue.
------- Additional Comments From firstname.lastname@example.org 2004-02-15 03:11:07 ----
A backported fix for RH 7.3 is avalible from:
I did some testing with Gnomemeeting that uses pwlib and it seems to work ok,
note that Gnomemeeting can crash on exit this is an old bug in gnomemeeting not
caused by this fix. In addition if someone wants to do testing with other users
trough an ILS server so is the new addres ils.seconix.com.
------- Additional Comments From email@example.com 2004-02-24 18:01:57 ----
Red Hat didn't ship w/ pwlib. Building 8.0 rpms.
------- Additional Comments From firstname.lastname@example.org 2004-02-24 19:12:55 ----
Pushed to updates-testing due to timeout.
------- Bug moved to this database by email@example.com 2005-03-30 18:23 -------
This bug previously known as bug 1296 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.
Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
The original reporter of this bug does not have
an account here. Reassigning to the person who moved
it here, firstname.lastname@example.org.
Previous reporter was email@example.com.
Setting qa contact to the default for this product.
This bug either had no qa contact or an invalid one.