OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
BID:21706
Info
OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 21706 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 21 2006 12:00AM |
| Updated: | Jan 02 2007 06:36PM |
| Credit: | Michal Bucko is credited with the discovery of this vulnerability. |
| Vulnerable: |
OpenSER OpenSER 1.1 OpenPKG OpenPKG E1.0-Solid |
| Not Vulnerable: | |
Discussion
OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
OpenSER is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate bounds-checks on user-supplied input before copying it to an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code with the permissions of the application.
OpenSER 1.1.0 is vulnerable; other versions may also be affected.
OpenSER is prone to a remote buffer-overflow vulnerability because the software fails to perform adequate bounds-checks on user-supplied input before copying it to an insufficiently sized buffer.
An attacker could exploit this issue to execute arbitrary code with the permissions of the application.
OpenSER 1.1.0 is vulnerable; other versions may also be affected.
Exploit / POC
OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Solution / Fix
OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
Solution:
Please see the referenced advisories for further information.
Solution:
Please see the referenced advisories for further information.
References
OpenSER Parse_Expression Remote Buffer Overflow Vulnerability
References:
References: