KPhone Malformed STUN Packet Denial Of Service Vulnerability
BID:10159
Info
KPhone Malformed STUN Packet Denial Of Service Vulnerability
| Bugtraq ID: | 10159 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2004 12:00AM |
| Updated: | Apr 08 2004 12:00AM |
| Credit: | Discovery is credited to STORM. |
| Vulnerable: |
KPhone KPhone 4.0.1 KPhone KPhone 3.14 KPhone KPhone 3.13 KPhone KPhone 3.12 KPhone KPhone 3.11 KPhone KPhone 3.1 KPhone KPhone 3.0 KPhone KPhone 2.11 KPhone KPhone 2.1 KPhone KPhone 2.0 |
| Not Vulnerable: |
KPhone KPhone 4.0.2 |
Discussion
KPhone Malformed STUN Packet Denial Of Service Vulnerability
A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP (Session Initiation Protocol) STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths, causing an out of bounds read and subsequent crash.
It is not known if this condition could be further exploited to execute arbitrary code, though it has been conjectured that it is not exploitable.
A denial of service vulnerability has been reported in KPhone. This issue may be triggered by a malformed SIP (Session Initiation Protocol) STUN message. This is due to insufficient validation of user-specified STUN packet attribute lengths, causing an out of bounds read and subsequent crash.
It is not known if this condition could be further exploited to execute arbitrary code, though it has been conjectured that it is not exploitable.
Exploit / POC
KPhone Malformed STUN Packet Denial Of Service Vulnerability
The following exploit was released:
The following exploit was released:
Solution / Fix
KPhone Malformed STUN Packet Denial Of Service Vulnerability
Solution:
This issue has been addressed in KPhone 4.0.2.
KPhone KPhone 2.0
KPhone KPhone 2.1
KPhone KPhone 2.11
KPhone KPhone 3.0
KPhone KPhone 3.1
KPhone KPhone 3.11
KPhone KPhone 3.12
KPhone KPhone 3.13
KPhone KPhone 3.14
KPhone KPhone 4.0.1
Solution:
This issue has been addressed in KPhone 4.0.2.
KPhone KPhone 2.0
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 2.1
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 2.11
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 3.0
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 3.1
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 3.11
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 3.12
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 3.13
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 3.14
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
KPhone KPhone 4.0.1
-
KPhone kphone-4.0.2.tar.gz
http://www.wirlab.net/kphone/kphone-4.0.2.tar.gz
References
KPhone Malformed STUN Packet Denial Of Service Vulnerability
References:
References:
- KPhone Homepage (KPhone)
- KPhone STUN DoS (Malformed STUN Packets) (Aviram Jenik
)