|
|
>> AGEphone SIP Packet Handling Remote Buffer Overflow and Code Execution Vulnerability
|
Title : AGEphone SIP Packet Handling Remote Buffer Overflow and Code Execution Vulnerability
VUPEN ID : VUPEN/ADV-2006-2959
CVE ID : CVE-2006-4029
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-07-25
|
A vulnerability has been identified in AGEphone, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service. This flaw is due to a buffer overflow error in the "sipd.dll" library when processing specially crafted "SIP" packets, which could be exploited by remote attackers to execute arbitrary code with the privileges of the logged in user.
Affected Products
AGEphone versions prior to 1.40
Solution
Upgrade to AGEphone version 1.40 :
http://www.ageet.com/us/download.htm
References
http://www.vupen.com/english/advisories/2006/2959
http://vuln.sg/agephone1381-en.html
Credits
Vulnerability reported by Tan Chew Keong
ChangeLog
2006-07-25 : Initial release
Vulnerability Management
Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.
Feedback
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
