Buffer Overflow in MultiTech VoIP Implementations
- From: "SecurityLab Research" <SLAB_research@xxxxxxxxxxxxxxx>
- Date: Mon, 5 Dec 2005 12:54:52 -0500
SecurityLab Technologies, Inc.
--- www.securitylab.net ---
Advisory Name: Buffer Overflow in MultiTech VoIP Implementations
Release Date: December 05, 2005
Application: MultiVoIP Gateway
Author: Ejovi Nuwere <SLAB_research[AT]securitylab.net>
Vendor Status: Patched in Version x.08
The MultiVOIP voice over IP gateway provides toll-free voice and fax
communications over the Internet or Intranet. Occasionally MultiTech
develops and licenses their VoIP Gateways and VoIP related stacks for
inclusion in third party platforms. Therefore, this bug may affect
products outside of the MultiTech line.
SecurityLab technologies has discovered a remote buffer overflow in
MultiTech's MultiVOIP product line that may lead to remote code
The buffer overflow occurs in the SIP packet INVITE field with a
string greater than 60 characters. Testing was performed on an
embedded device with limited debug environment. Source code was not
avaible for further analysys.
Patched. Version x.08
Contact vendor for current release.
Site of the day:
security news for security professionals
Copyright 2005 SecurityLab Technologies, Inc. You may distribute freely
- Prev by Date: Outpost24 Public Security Note: Linux/Elxbot
- Next by Date: SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:067)
- Previous by thread: Outpost24 Public Security Note: Linux/Elxbot
- Next by thread: SUSE Security Announcement: kernel various security and bugfixes (SUSE-SA:2005:067)