Signature Detail

SIP: SIP Foundry sipXtapi Overflow

This signature detects attempts to exploit a known vulnerability in the sipXtapi library. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the service utilizing the library.

Extended Description

The sipXtapi product is reported to be prone to a remote buffer-overflow vulnerability. This issue presents itself when the application handles a specially crafted 'CSeq' value. A successful attack may lead to unauthorized remote access in the context of a user running an affected application that uses the vulnerable library. Reports indicate that sipXtapi versions that were released prior to March 24, 2006 are vulnerable to this issue. Certain PingTel products and versions of AOL Triton may be affected because they employ the vulnerable library.

Affected Products

• AOL AIM Triton 1.0.4
• SIPfoundry sipXtapi

References

• BugTraq: 18906
• CVE: CVE-2006-3524
• URL: http://www.juniper.net/security/auto/vulnerabilities/vuln3431.html
• URL: http://www.securityfocus.com/archive/1/439617
• URL: http://www.securiteam.com/securitynews/5HP0420JFU.html