Bug 296371 (CVE-2007-4924) - CVE-2007-4924 ekiga remote crash caused by insufficient input validation
Summary: CVE-2007-4924 ekiga remote crash caused by insufficient input validation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-4924
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 297551 297561 310471 310481 833946
Blocks:
TreeView+ depends on / blocked
 
Reported: 2007-09-19 14:17 UTC by Tomas Hoger
Modified: 2019-09-29 12:21 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2007-12-20 12:18:26 UTC


Attachments (Terms of Use)
Patch backported from CVS. (1.02 KB, patch)
2007-09-27 15:18 UTC, Tomas Hoger
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2007:0957 normal SHIPPED_LIVE Moderate: opal security update 2007-10-08 08:09:02 UTC

Description Tomas Hoger 2007-09-19 14:17:00 UTC
José Miguel Esparza discovered that insufficient input validation is performed
on SIP protocol header field 'Content-Length' by opal library used by ekiga. 
This flaw can be used to write '\0' byte to attacker-controlled address and
crash ekiga.  Ekiga 2.0.10 using opal library 2.2.10 was released to address
this issue.

Ekiga 2.0.10 release notes:
http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html

CVS commit pointed out by upstream:
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20&pathrev=Phobos
(some of the previous commits may be required to get complete checks / fix)

Comment 4 Tomas Hoger 2007-09-27 15:18:20 UTC
Created attachment 208511 [details]
Patch backported from CVS.

Comment 9 Tomas Hoger 2007-12-20 12:18:26 UTC
Fixed in affected products:

Red Hat Enterprise Linux:  	
  http://rhn.redhat.com/errata/RHSA-2007-0957.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2007-2245



Note You need to log in before you can comment on or make changes to this bug.