OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: SMS handling OpenSER remote code executing

bogdanvoice-system.ro
Date: Thu Jan 04 2007 - 09:34:54 CST


Thanks for report. I just applied an fix for both the latest stable version (1.1.0) and the development version (1.2.0).

Not sure if code injection is possible as the maximum overflow is of 5 bytes, guess not long enough to encode an instruction.

Regards,
Bogdan