Signature Detail
Short Name |
VOIP:IAX-INT-OF |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
VOIP |
Keywords |
IAXclient Truncated Frames |
Release Date |
2006/06/21 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: IAXclient Truncated Frames
This signature detects attempts to exploit a known vulnerability in the IAX Client. A successful attack can lead to an integer overflow and arbitrary remote code execution within the context of the application.
Extended Description
The IAXClient library is prone to multiple remote buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers. These issues allow remote attackers to execute arbitrary machine code in the context of applications that use the affected library to process IAX network datagrams. The following packages are known to use a vulnerable version of the library: - IDE FISK, versions 1.35 and prior - IaxComm, versions prior to 1.2.0 - KIAX, versions 0.8.5 and prior - LoudHush, versions 1.3.6 and prior Other packages may also use the affected library.
Affected Products
- asterisKGuru IDEFISK Softphone 1.35
- Gentoo Linux
- IAXClient
- IaxComm 1.0.0
- Kiax 0.8.5
- LoudHush 1.3.6
References