OpenSER OSP Module Validateospheader Function Buffer Overflow Vulnerability

Bugtraq ID:	21801
Class:	Boundary Condition Error
CVE:	CVE-2006-6875
Remote:	Yes
Local:	No
Published:	Dec 28 2006 12:00AM
Updated:	Nov 15 2007 12:35AM
Credit:	Sapheal is credited with the discovery of this vulnerability.
Vulnerable:	OpenSER OpenSER 1.0.9 OpenSER OpenSER 1.0.1 OpenSER OpenSER 1.0 OpenSER OpenSER 0.9.5 OpenSER OpenSER 0.9.4
Not Vulnerable:	OpenSER OpenSER 1.1

OpenSER OSP Module Validateospheader Function Buffer Overflow Vulnerability

OpenSER OSP Module is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of the affected server application. Failed exploit attempts will likely crash the application, resulting in denial-of-service conditions.

OpenSER OSP versions prior to 1.1.0 are reported vulnerable.

OpenSER OSP Module Validateospheader Function Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

OpenSER OSP Module Validateospheader Function Buffer Overflow Vulnerability

Solution:
The vendor has released an update to address this issue. Please see the references for more information.

OpenSER OSP Module Validateospheader Function Buffer Overflow Vulnerability

References:

• OpenSER SIP Server Homepage (OpenSER)
  
• OpenSER OSP Module remote code execution (Sapheal)
  
• Re: OpenSER OSP Module remote code execution ([email protected])