Yate Remote Denial of Service Vulnerability in SIP Protocol

Bugtraq ID:	23746
Class:	Input Validation Error
CVE:	CVE-2007-1693
Remote:	Yes
Local:	No
Published:	May 01 2007 12:00AM
Updated:	May 02 2007 03:29PM
Credit:	Yuri Gushin discovered this issue.
Vulnerable:	Null Team Yate 1.1
Not Vulnerable:	Null Team Yate 1.2

Yate Remote Denial of Service Vulnerability in SIP Protocol

Yate is prone to a remote denial-of-service vulnerability.

Successful exploits may allow attackers to crash the application, effectively denying service to legitimate users.

Yate 1.1.0 is vulnerable to this issue; older versions may be vulnerable as well. Yate 1.2.0 and later versions are not affected.

Yate Remote Denial of Service Vulnerability in SIP Protocol

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Yate Remote Denial of Service Vulnerability in SIP Protocol

Solution:
The vendor released version 1.2.0 to address this issue. Contact the vendor for details on obtaining the appropriate updates.

Yate Remote Denial of Service Vulnerability in SIP Protocol

References:

• Yate Homepage (Null Team)
  
• Yate 1.1.0 Denial of Service Vulnerability (Radware)