| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | OpenSER 1.1.0 parse_config buffer overflow vulnerability |
| From: | sapheal@hack.pl |
| Date: | 20 Dec 2006 23:32:48 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
Function of a prototype: static int parse_expression(char *str, expression **e, expression **e_exceptions) in OpenSER 1.1.0 (SIP router implementation) is vulnerable to buffer overflow as /str/ might be longer than the destination (where it is coppied to). |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby), OpenPKG GmbH |
|---|---|
| Next by Date: | PWDumpX updated (includes CacheDump functionality), Reed Arvin |
| Previous by Thread: | [OpenPKG-SA-2006.040] OpenPKG Security Advisory (ruby), OpenPKG GmbH |
| Next by Thread: | PWDumpX updated (includes CacheDump functionality), Reed Arvin |
| Indexes: | [Date] [Thread] [Top] [All Lists] |