CVE-2007-4924

Published: Oct 8, 2007Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The Open Phone Abstraction Library (opal), as used by (1) Ekiga before 2.0.10 and (2) OpenH323 before 2.2.4, allows remote attackers to cause a denial of service (crash) via an invalid Content-Length header field in Session Initiation Protocol (SIP) packets, which causes a \0 byte to be written to an "attacker-controlled address."

Affected (2)

Products: Ekiga: Ekiga · Openh323 Project: Openh323

1 product

Openh323 Project

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Ekiga Ekiga	Up to 2.0.9
Openh323 Project Openh323	Up to 2.2.3

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (44)

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

Source: cve@mitre.org

http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html

Source: cve@mitre.org

Patch

http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20

Source: cve@mitre.org

http://osvdb.org/41637

Source: cve@mitre.org

http://secunia.com/advisories/27118

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/27128

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/27129

Source: cve@mitre.org

PatchVendor Advisory

http://secunia.com/advisories/27271

Source: cve@mitre.org

http://secunia.com/advisories/27524

Source: cve@mitre.org

http://secunia.com/advisories/28380

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2007:205

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2007-0957.html

Source: cve@mitre.org

Patch

http://www.s21sec.com/avisos/s21sec-037-en.txt

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/482120/30/4500/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/25955

Source: cve@mitre.org

http://www.securitytracker.com/id?1018776

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-562-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3413

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2007/3414

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=296371

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398

Source: cve@mitre.org

https://www.exploit-db.com/exploits/9240

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2007-10/msg00006.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://mail.gnome.org/archives/ekiga-list/2007-September/msg00103.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sippdu.cxx?r1=2.83.2.19&r2=2.83.2.20

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/41637

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27118

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/27128

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/27129

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://secunia.com/advisories/27271

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/27524

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/28380

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDKSA-2007:205

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2007-0957.html

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.s21sec.com/avisos/s21sec-037-en.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/482120/30/4500/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/25955

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1018776

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/usn-562-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3413

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2007/3414

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=296371

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11398

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.exploit-db.com/exploits/9240

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.