Red Hat Bugzilla – Bug 446182
CVE-2008-2085 sipp: buffer overflows in get_remote_ip_media() and get_remote_ipv6_media()
Last modified: 2008-07-26 02:10:57 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2085 to the following vulnerability:
Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message.
Patch by Nico Golde, addressing both CVE-2008-1959 (was fixed in Fedora by
upgrade to sipp 3.1) and CVE-2008-2085:
sipp-3.1-2.fc9 has been submitted as an update for Fedora 9
sipp-3.1-2.fc8 has been submitted as an update for Fedora 8
sipp-3.1-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
sipp-3.1-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: