Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2085 to the following vulnerability: Multiple stack-based buffer overflows in the (1) get_remote_ip_media and (2) get_remote_ipv6_media functions in call.cpp in SIPp 3.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted SIP message. Refences: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479039 http://secunia.com/advisories/30095
Patch by Nico Golde, addressing both CVE-2008-1959 (was fixed in Fedora by upgrade to sipp 3.1) and CVE-2008-2085: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479039#48
sipp-3.1-2.fc9 has been submitted as an update for Fedora 9
sipp-3.1-2.fc8 has been submitted as an update for Fedora 8
sipp-3.1-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
sipp-3.1-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-6210 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-6219