OpenSER 1.1.0 parse_config buffer overflow vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: OpenSER 1.1.0 parse_config buffer overflow vulnerability
From: sapheal@xxxxxxx
Date: 20 Dec 2006 23:32:48 -0000

Function of a prototype:
static int parse_expression(char *str, expression **e, expression **e_exceptions) 

in OpenSER 1.1.0 (SIP router implementation) is vulnerable to buffer overflow as /str/ might be longer than the destination (where it is coppied to).

Prev by Date: [OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby)
Next by Date: PWDumpX updated (includes CacheDump functionality)
Previous by thread: [OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby)
Next by thread: PWDumpX updated (includes CacheDump functionality)
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux