Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

OpenSER OSP Module remote code execution

from [sapheal] Network Security [Permanent Link]
Subject: OpenSER OSP Module remote code execution
Date: Thu, 28 Dec 2006 13:22:38 +0100 
Synopsis:  OpenSER OSP Module remote code execution
Product:   OpenSER
Version:   <=1.1.0



Issue:
======

A critical security vulnerability has been found in OpenSER Open
Settlement Protocol (OSP) module. OSP is an ETSI defined standard
for Inter-Domain VoIP pricing,authorization and usage exchange. 


Details:
========

int validateospheader (struct sip_msg* msg, char* ignore1, char* ignore2) 

This following fuction suffers from buffer overflow vulnerability, which
leads to memory corruption conditions. Due to memory corruption conditions
remote code execution is possible.



Affected Versions
=================

OpenSER <= 1.1.0

Solution
=========

Proper boundary checking.


Exploitation
============

Exploitation might be conducted by preparing a specially crafted
OSP header.






Kind regards,

Michał Bućko - sapheal
Senior Security Specialist
HACK.PL
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • OpenSER OSP Module remote code execution, sapheal <=
Previous by Date:  Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities, xorontr
Next by Date:  Re: XSS with Vbulletin (new idea !), l . d . 0
Previous by Thread:  Limbo CMS event module (lm_absolute_path) Remote File Include Vulnerabilities, xorontr
Next by Thread:  SMS handling OpenSER remote code executing, sapheal
Indexes:  [Date] [Thread] [Top] [All Lists]