|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Hat-Squad] Remote Heap Corruption Vulnerability in Interaction SIP Proxy
service
hat-squad.com
Date: Wed Dec 21 2005 - 03:08:29 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Hat-Squad Advisory: Remote Heap Corruption Vulnerability in Interaction SIP Proxy
Product: Interaction SIP Proxy
Vendor: Interactive Intelligence Inc. (http://www.inin.com)
Systems Affected:
Vonexus Enterprise Interaction Center
Interaction SipProxy 3.0.010
Release Date: 12/21/2005
Vendor Status:
Informed on 12/11/2005
Initial response on 12/12/2005
Patch released on 12/18/2005
Overview:
Interaction SIP Proxy is Microsoft Windows-based software that provides basic SIP proxy and registrar functionality as defined in the IETF SIP-oriented RFC 3261. The Interaction SIP Proxy routes incoming SIP messages based on configurable dial plan and server plans, with simplified administration via Web interface.
Problem:
Hat-Squad security team has discovered a remote heap overflow in Interaction SIP Proxy. The vulnerability allows a remote attacker to overwrite heap memory and cause a a severe denial-of-service condition on system. Exploitation of this vulnerability for code execution requires a magic sequence of pre-allocations, data and size.
Technical Details:
The code in i3sipmsg.dll is responsible for handling SIP requests. The vulnerability is triggered by sending 2900 bytes of space (0x20) or TAB (0x9) characters as SIP version in a REGISTER request line. This will cause a heap overflow in SIPParser function.
A Proof of concept for this vulnerability is available at http://www.hat-squad.com/i3sip.html
Credits:
This Vulnerability has been Discovered By Behrang Fouladi (behrang hat-squad com)
Greetings:
Persia, Hamid, Hesam geek, Nima, Brett Moore, class101 and Babak
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]