Bug 152672 - PWLib: Carefully crafted messages can cause a Denial of Service on an application.
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: Package request   
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.openh323.org/
Reported: 2004-02-15 08:04 UTC by David Lawrence
Modified: 2008-05-01 15:38 UTC (History)
Doc Type: Bug Fix

Description David Lawrence 2005-03-30 23:23:29 UTC

A test suite for the H.225 protocol (part of the H.323 family) provided by
the NISCC uncovered bugs in PWLib prior to version 1.6.0. An attacker
could trigger these bugs by sending carefully crafted messages to an
application. The effects of such an attack can vary depending on the
application, but would usually result in a Denial of Service. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2004-0097 to this issue.

------- Additional Comments From jonny.strom@netikka.fi 2004-02-15 03:11:07 ----

A backported fix for RH 7.3 is available from:


pwlib-1.2.12-       dd31c44d1ea0d8e6341bcd0604bb64f1

pwlib-devel-1.2.12- cb18cb98e1e620b63122ebd7dd01c2f4

pwlib-1.2.12-        a61430ef95666aa0d41d9162d6053ea5

pwlib-1.2.12-ranges.patch                  2dc35057a654f2a057491a008b1650c0 

I did some testing with Gnomemeeting, which uses pwlib, and it seems to work OK.
Note that Gnomemeeting can crash on exit; this is an old bug in Gnomemeeting, not
caused by this fix. In addition, if someone wants to do testing with other users
through an ILS server, the new address is ils.seconix.com.

------- Additional Comments From jkeating@j2solutions.net 2004-02-24 18:01:57 ----

Red Hat didn't ship w/ pwlib.  Building 8.0 rpms.

------- Additional Comments From jkeating@j2solutions.net 2004-02-24 19:12:55 ----

Pushed to updates-testing due to timeout.

------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:23 -------

This bug previously known as bug 1296 at https://bugzilla.fedora.us/
Originally filed under the Fedora Legacy product and Package request component.

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Unknown severity major. Setting to default severity "normal".
The original reporter of this bug does not have
   an account here. Reassigning to the person who moved
   it here, dkl@redhat.com.
   Previous reporter was jonny.strom@netikka.fi.
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.
