Ekiga Denial of Service

Advisory Content :

##############################################################

- S21Sec Advisory -

##############################################################

Title: Ekiga Denial of Service
ID: S21SEC-036-en
Severity: Medium - Remote DoS
History: 14.May.2007 Vulnerability discovered
09.Jul.2007 Vendor contacted

Scope: Application Denial of Service
Platforms: Any
Author: Jose Miguel Esparza (jesparza@s21sec.com)
URL: http://www.s21sec.com/avisos/s21sec-036-en.txt
Release: Public

[ SUMMARY ]

Ekiga (formely known as GnomeMeeting) is an open source VoIP and video
conferencing application for
GNOME. Ekiga uses both the H.323 and SIP protocols. It supports many audio
and video codecs, and is
interoperable with other SIP compliant software and also with Microsoft
NetMeeting.

[ AFFECTED VERSIONS ]

Following versions are affected with this issue:

- Ekiga 2.0.7 and prior.

[ DESCRIPTION ]

Due to a bad management of memory allocation for the input data it's
possible to crash the application
causing a denial of service.

[ WORKAROUND ]

Upgrade to 2.0.9 version is recommended to resolve this problem. If not
possible, some
additional input data check will be necessary in the
SIPURL::GetHostAddress() function.

[ ACKNOWLEDGMENTS ]

This vulnerability have been found and researched by:

- Jose Miguel Esparza <jesparza@s21sec.com> S21Sec

[ ADDITIONAL INFORMATION ]

This vulnerability has been discovered thanks to the network fuzzer
Malybuzz available in the url
http://malybuzz.sourceforge.net/.

[ REFERENCES ]

* Ekiga
http://ekiga.org

* S21Sec
http://www.s21sec.com

* Malybuzz
http://malybuzz.sourceforge.net/

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason