CVE-2007-4924 - OpenCVE

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Openh323 Project	Openh323
Ekiga	Ekiga

Configuration 1 [-]

OR	cpe:2.3:a:ekiga:ekiga::::::::
	cpe:2.3:a:openh323_project:openh323::::::::

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html
http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html	Patch
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20
http://osvdb.org/41637
http://secunia.com/advisories/27118	Patch Vendor Advisory
http://secunia.com/advisories/27128	Patch Vendor Advisory
http://secunia.com/advisories/27129	Patch Vendor Advisory
http://secunia.com/advisories/27271
http://secunia.com/advisories/27524
http://secunia.com/advisories/28380
http://www.mandriva.com/security/advisories?name=MDKSA-2007:205
http://www.redhat.com/support/errata/RHSA-2007-0957.html	Patch
http://www.s21sec.com/avisos/s21sec-037-en.txt
http://www.securityfocus.com/archive/1/482120/30/4500/threaded
http://www.securityfocus.com/bid/25955
http://www.securitytracker.com/id?1018776
http://www.ubuntu.com/usn/usn-562-1
http://www.vupen.com/english/advisories/2007/3413
http://www.vupen.com/english/advisories/2007/3414
https://bugzilla.redhat.com/show_bug.cgi?id=296371
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398
https://www.exploit-db.com/exploits/9240

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-10-08T21:00:00

Updated: 2018-10-15T20:57:01

Reserved: 2007-09-17T00:00:00

Link: CVE-2007-4924

JSON object: View

NVD Information

Status : Modified

Published: 2007-10-08T21:17:00.000

Modified: 2018-10-15T21:38:50.363

Link: CVE-2007-4924

JSON object: View

Redhat Information

No data.

CWE

CWE-20

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-09-17T00:00:00", "descriptions": [{"lang": "en", "value": "The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \\0 byte to be written to an \"attacker-controlled address.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "27118", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27118"}, {"name": "27271", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27271"}, {"name": "1018776", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1018776"}, {"name": "25955", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25955"}, {"name": "27129", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27129"}, {"name": "MDKSA-2007:205", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:205"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=296371"}, {"name": "28380", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28380"}, {"name": "41637", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/41637"}, {"name": "RHSA-2007:0957", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0957.html"}, {"name": "[ekiga-list] 20070917 [ANNOUNCE] Ekiga 2.0.10 released", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html"}, {"name": "USN-562-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-562-1"}, {"name": "oval:org.mitre.oval:def:11398", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398"}, {"tags": ["x_refsource_MISC"], "url": "http://www.s21sec.com/avisos/s21sec-037-en.txt"}, {"name": "20071011 S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/482120/30/4500/threaded"}, {"name": "SUSE-SR:2007:021", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"}, {"name": "ADV-2007-3413", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3413"}, {"name": "ADV-2007-3414", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/3414"}, {"name": "9240", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/9240"}, {"name": "27524", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27524"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20"}, {"name": "27128", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/27128"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4924", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \\0 byte to be written to an \"attacker-controlled address.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "27118", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27118"}, {"name": "27271", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27271"}, {"name": "1018776", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1018776"}, {"name": "25955", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25955"}, {"name": "27129", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27129"}, {"name": "MDKSA-2007:205", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:205"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=296371", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=296371"}, {"name": "28380", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28380"}, {"name": "41637", "refsource": "OSVDB", "url": "http://osvdb.org/41637"}, {"name": "RHSA-2007:0957", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2007-0957.html"}, {"name": "[ekiga-list] 20070917 [ANNOUNCE] Ekiga 2.0.10 released", "refsource": "MLIST", "url": "http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html"}, {"name": "USN-562-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-562-1"}, {"name": "oval:org.mitre.oval:def:11398", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398"}, {"name": "http://www.s21sec.com/avisos/s21sec-037-en.txt", "refsource": "MISC", "url": "http://www.s21sec.com/avisos/s21sec-037-en.txt"}, {"name": "20071011 S21SEC-037-en: OPAL SIP Protocol Remote Denial of Service", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/482120/30/4500/threaded"}, {"name": "SUSE-SR:2007:021", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"}, {"name": "ADV-2007-3413", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3413"}, {"name": "ADV-2007-3414", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/3414"}, {"name": "9240", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/9240"}, {"name": "27524", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27524"}, {"name": "http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20", "refsource": "CONFIRM", "url": "http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20"}, {"name": "27128", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/27128"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4924", "datePublished": "2007-10-08T21:00:00", "dateReserved": "2007-09-17T00:00:00", "dateUpdated": "2018-10-15T20:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ekiga:ekiga:*:*:*:*:*:*:*:*", "matchCriteriaId": "7AA58E06-4F99-41F5-82C4-596B9086E34C", "versionEndIncluding": "2.0.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:openh323_project:openh323:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9000792-2E73-4D72-8032-259266E91722", "versionEndIncluding": "2.2.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \\0 byte to be written to an \"attacker-controlled address.\""}, {"lang": "es", "value": "Open Phone Abstraction Library (opal), como la usada en (1) Ekiga anterior a 2.0.10 y (2) OpenH323 anterior a 2.2.4, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante una cabecera Content-Length inv\u00e1lida en paquetes SIP del Protocolo de Inicio de Sesi\u00f3n (SIP, Session Initiation Protocol), lo cual provoca que el byte \\0 sea escrito en una \"direcci\u00f3n controlada por el atacante\"."}], "id": "CVE-2007-4924", "lastModified": "2018-10-15T21:38:50.363", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-10-08T21:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html"}, {"source": "cve@mitre.org", "url": "http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/41637"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27118"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27128"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/27129"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27271"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/27524"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/28380"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:205"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.redhat.com/support/errata/RHSA-2007-0957.html"}, {"source": "cve@mitre.org", "url": "http://www.s21sec.com/avisos/s21sec-037-en.txt"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/482120/30/4500/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25955"}, {"source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1018776"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-562-1"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3413"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/3414"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=296371"}, {"source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/9240"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}