CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability

Bugtraq ID:	25299
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-4382
Remote:	Yes
Local:	No
Published:	Aug 13 2007 12:00AM
Updated:	May 07 2015 05:36PM
Credit:	Zwell is credited with discovering this issue.
Vulnerable:	CounterPath X-Lite 3.0
Not Vulnerable:

CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability

CounterPath X-Lite is prone to a denial-of-service vulnerability because the application fails to properly handle malformed data.

Successful exploits can allow remote attackers to crash the application, resulting in denial-of-service conditions.

This issue affects X-Lite 3.0; other versions may also be affected.

CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability

The following exploit is available:

• /data/vulnerabilities/exploits/25299.cpp

CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

CounterPath X-Lite SIP Soft Phone Malformed Packet Denial of Service Vulnerability

References:

• X-Lite Homepage (CounterPath)
  
• CounterPath X-Lite SIP phone Remote Denial of Service vulnerability (zwell)