About Us | Contact Us

 


 

VUPEN Free Resources
 
  VUPEN Security Advisories
 
  VUPEN Security Blog & News
  Zero-day Attacks Monitor
  Daily Security Mailinglist
  Explanation of Terms
  Advanced Search Engine
 
   

>> VUPEN Security / Public Mailing Lists Mirror


Assigned : VUPEN/ADV-2005-2781

From : "SecurityLab Research" <SLAB_research at securitylab.net>
Subject : Buffer Overflow in MultiTech VoIP Implementations
Date : 2005-12-05

Original Message

SecurityLab Technologies, Inc.
--- www.securitylab.net ---

Security Advisory
Advisory Name: Buffer Overflow in MultiTech VoIP Implementations
Release Date: December 05, 2005
Application: MultiVoIP Gateway
Platform: Multiple
Severity: Moderate
Author: Ejovi Nuwere <SLAB_research[AT]securitylab.net>
Vendor Status: Patched in Version x.08
Reference: http://www.securitylab.net/research/

Overview:
The MultiVOIP voice over IP gateway provides toll-free voice and fax
communications over the Internet or Intranet. Occasionally MultiTech
develops and licenses their VoIP Gateways and VoIP related stacks for
inclusion in third party platforms. Therefore, this bug may affect
products outside of the MultiTech line.

SecurityLab technologies has discovered a remote buffer overflow in
MultiTech's MultiVOIP product line that may lead to remote code
execution.

Details:
The buffer overflow occurs in the SIP packet INVITE field with a
string greater than 60 characters. Testing was performed on an
embedded device with limited debug environment. Source code was not
avaible for further analysys.

Vendor Response:
Patched. Version x.08

Recommendation:
Contact vendor for current release.

Site of the day:
InfoSecDaily http://www.infosecdaily.net
security news for security professionals

Copyright 2005 SecurityLab Technologies, Inc. You may distribute freely
without modification.


Disclaimer : VUPEN Security does not endorse the content of this message submitted by others to public mailinglists. Messages submitted to public mailinglists do not necessarily reflect the opinions or policies of VUPEN Security. VUPEN Security makes no warranties, express or implied, as to the content of the message in this page or the accuracy and reliability of any messages and other materials submitted to public mailinglists. Any questions or comments regarding this page should be sent to team@vupen.com

 

Monthly Statistics 

 

 VUPEN Security Advisories By Criticality: Sep 2010


  Critical Risk

 : 14%

  High Risk		 : 3%

  Moderate Risk		 : 45%

  Low Risk		 : 38%

Get a real-time view of the vulnerabilities affecting your systems using the VUPEN VNS reporting capabilities.
 
 

Try VUPEN VNS 

 

 


© 2004-2010 VUPEN Security - Copyright - Privacy Policy